Free Software at Risk Under Lemon law 393
mpawlo writes: "Newsforge published a piece I wrote on a lemon law for software. That is - what would happen if shrinkwrap limitation of liability clauses would be banned? I think Microsoft and the GNU Project would both suffer."
Really? (Score:5, Insightful)
"We all know that the open and distributed model for development described in Eric S. Raymond's book "The Cathedral and the Bazaar" is much better and creates more reliable products than any closed non-distributed development model. "
I'm wondering if the author can substantiate this claim with facts.
This is the primary problem with Open Source advocacy, it relies a lot upon blind faith.
Re:Really? (Score:3, Insightful)
I think that facts can be referenced by security incidents, patches, and accessibility on complete products. One of the problems with open-source systems: a lot don't go 1.0. If the program works great, but never goes 1.0 release then no one can critique its bugs because it is still in development.
To be fair to closed-source projects, you cannot group Microsoft Windows into the same catagory with something like Unicos. Both are closed-source, but Unicos is particularly designed for a specific platform on specific hardware, where Windows is designed to run on a handful of platforms (NT on MIPS, PPC, etc, and "regular" Windows on x86->P4) and on just about any hardware thrown at it. Windows would be more stable (forget security for a sec) if people would keep it running on hardware designed for Windows with proper drivers sanctioned by Microsoft.
As for open-source there are many pieces of software that just plain suck! We all need to be honest!
Re:Really? (Score:2, Insightful)
No, you have it backwards. A well designed OS would not barf all over itself and dy because of a bad driver. The driver/device might fail, but the OS would chug right along.
As for open-source there are many pieces of software that just plain suck! We all need to be honest!
You are right, there are plenty of open-source software projects that suck. Of course, there are plenty of closed-source software projects that suck too. I don't see the relevance at all.
Re:Really? (Score:2, Informative)
Well, that rules out most operating systems then. Most OS's run drivers at the same privilidge level as the kernel, and hence a broken driver can crash your system.
In fact, many hardware architectures only support two privildge levels, so it's impossible to fix this in general (though x86 supports 4, which would allow the OS to protect itself somewhat from a rogue driver).
Re:Really? (Score:5, Informative)
No, you have it backwards. A well designed OS would not barf all over itself and dy because of a bad driver. The driver/device might fail, but the OS would chug right along.
Yeah, good thinking. Then we'd never see freezes like this, right?
---------
Unable to handle kernel NULL pointer dereference at virtual address 00000016 printing eip: d18677ac
pgd entry c14a1000: 0000000000000000
pmd entry c14a1000: 0000000000000000
... pmd not present!
Oops: 0000
CPU: 0
EIP: 0010:[]
EFLAGS: 00010097
eax: 00000004 ebx: c78306b8 ecx: 00000006 edx: cfaf1b40
esi: 00000016 edi: c78306b8 ebp: c7830540 esp: c026ff14
ds: 0018 es: 0018 ss: 0018
Process swapper (pid: 0, stackpage=c026f000)
Stack: 00000000 00000004 00000000 00000016 cfaf1b40 00000046 00000987
000001a7
00000001 c7830400 00002710 c011daa8 00000246 00000000 c02ad5a0
003c0000
c5829da0 24000001 00000003 c026ffa8 c010a30a 00000003 c7830400
c026ffa8
Call Trace: [<c011d1a8>] [<c010a30a>] [<c010a488>] [<c0107240>] [<c0107240>]
[<c01090c4>] [<c0107240>]
[<c0107240>] [<c0100018>] [<c0107263>] [<c010722e2>] [<c0105000>]
[<c0100191>]
Code: f3 a6 0f 97 c2 c0 38 c2 0f 84 d4 fe ff ff ff 44 24 08
Kernel panic: Aiee, Killing interrupt handler!
In interrupt handler -- not syncing
--------
I am so sick of this elitist bullshit around here. Software crashes!! Get it? OK?? Nothing is completely immune, you know, humans write OSes, there's bound to be a few bugs here and there. When drivers run at Kernel Level, and they fuck up, that's when shit goes haywire.
That's the #1 reason Microsoft introduced "driver signing" in Windows 2000 and XP (and certification before that) --- to avoid shit like that. If the driver isn't certified by them, they're warning you, if shit goes wrong, it's your fault.
Re:Really? (Score:2)
However I am not claming that Win3.1,95,98, and ME were not pathetic excuses for operating systems.
Re:Really? (Score:2, Informative)
Re:Really? (Score:2, Informative)
Take for example this snippet from the Exchange SP4 upgrade info page: [microsoft.com]
S20557 Sp4_40na.exe Windows NT Alpha client 5,874,326
S20558 Sp4_40ni.exe Windows NT Intel client 4,342,909
S20559 Sp4_40nm.exe Windows NT MIPS client 5,961,796
S20560 Sp4_40np.exe Windows NT PPC client 5,150,868
Re:Really? (Score:2)
Methinks blind faith applies to Closed Source. With Open Source you get to use your eyes.
For facts, with Open Source edge and corner cases can be diagnosed and debugged AFTER release. Effectively you tend to get 1 or 2 more 9's more reliable product with minimal cost. There's no magic bullet and not even Open Source will make everything bug-free, but Open Source is probably the only effective way to deal with "scissors, paper, stone" scenarios where the is no a priori solution.
Lemon Law and Free Softwares (Score:3, Insightful)
I don't know how that Lemon Law was written, and as a NON-lawyer, I just has this to say
Think of Free Softwares as Lemons you picked from a Lemon Orchard.
Thank of Commercially Shrinkwrapped Softwares as the one you purchase from supermarket.
Both the Free Softwares (aka Lemons you picked from Lemon Orchard) and Commercially Shrinkwrapped Softwares (aka Lemons you bought from supermarket) _WERE_ owned by somebody BEFORE it got into your hand.
If you ate the Lemons you picked (FREE) from a Lemon Orchard, and you got sick from it, how much right you have on SUING the Lemon Orchard owner ?
On the other hand, if you purchased a lemon from a Supermarket, ate that thing and you got sick, I am sure you have causes to sue the supermarket owner.
Applying the above principle, I don't think those who wrote Free Softwares (other than those who had BAD INTENTIONS) can be successfully sued - for the users of FREE Sofwares didn't pay ANYTHING to the authors.
On the other hand, the producers of Commercial shrikwrapped Softwares might be liable for whatever harm that comes from the softwares - for the authors of the commercial softwares got PAID by the users, either directly, or indirectly.
And let me re-iterate this - I am NOT a lawyer. Do not take what I say as fact, please !
Re:Really? (Score:2)
Is GIMP really better than Photoshop? That's what this author is claiming in his quote. Are you claiming the same?
Re:Really? (Score:2)
So just where does Gimp actually fail and PS suceed? Nay-sayers are always picking on Gimp, including many people who work with PS alot. Yet when it comes to specific criticisms, no one says a damn thing. You think the Gimp team wouldn't mind some honest criticisms? You could expect fixes within weeks.
Most people that rant about it, are simply pissed that they've learned to work around Adobe's cruddy flaws for years, and that experience would be useless if they switch to Gimp. Boo fucking Hoo.
And Gimp isn't even a particularly good example for OSS. If I were choosing unfairly, I could find many more favorable examples.
Re:Really? (Score:2)
Re:Really? (Score:2)
Anyone who believes that has not seen Photoshop 7 running on Mac OS X.
Re:Really? (Score:3, Insightful)
This is one of the biggest problems with OSS: Poor evaluation of software quality.
Geeks don't generally use photoshop, artists (the types who don't frequent
Re:Really? (Score:2)
Patents. (Score:3, Informative)
Claiming that a piece of software is inadequate because the maker of the competing software uses legal means to stop competitors from implementing a piece of functionality is really quite stupid.
himi
Re:Really? (Score:3, Insightful)
The MySQL and PostgreSQL people arent stupid, when Borland open-sourced Interbase they were like "Oh my GOD! These megacorporate development teams totally outclass us." Even Postgres can't even now come anywhere near Interbase despite the fact they've got all that code to copy-and-paste from. Heck Postgres only a short time ago fixed their field size limitation.
What we need to do now is work out how succesful open source projects e.g. Samba, Apache get through difficult times, e.g. meticulous bug-hunting OpenBSD-style, massive code rewrites. Then we can stick this message onto the front of Sourceforge.
Poor Example (Score:2)
Perhaps comparing IIS breakins vs. Apache breakins, especially given that there are more Apache servers on the web (and probably run by more amateurs than IIS admins). Or FreeBSD vs. Windows 2000 vulnerabilities. Or, to be fair, sendmail vs. Exchange (although I'm guessing a lot of people are using things like exim these days). Or how about PostgreSQL vs MSSQL?
These are critical pieces of software that are actually vulnerable to massive data loss. GIMP and Photoshop do not qualify in the same way. Throwing out the term "anecdotal evidence", does not change the fact if you look at the list, you'll find that more often than not, open software beats or at least matches the security and reliability record of its closed counterparts.
Re:Really? (Score:2)
Would it be ok for Microsoft to release code that they knew was flawed and full of holes, if they, too, called their software beta-grade and never made it to a release version? No, didn't think so. (How long has some open source code been "beta"? Mozilla?) Use testing is important, it does find some bugs that need fixing, and it also finds some of those usability issues that most free software projects ignore when initially writing the apps. But it doesn't find nearly all of the bugs that may exist. Worse, since the user was just tooling around doing whatever when they hit a bug, they may not be able to remember the steps to reproduce the bug - so even if a big, glaring, ohmigod error is found, you may not be able to find it to fix it.
Depeding primarily on public "beta" testing to find your bugs is very similar to finding landmines by herding sheep through the area. Given enough time (and sheep!) you will have found and dealt with pretty much all the mines along the most common paths. And maybe a few sheep strayed off and found some mines outside of the more familiar areas. But there may still be huge unknown problems just waiting for someone to go off the beaten trail just a little. Real software testing involves a formal process and trained professionals who attempt to test every single portion of an application, one step at a time. It's slow, often tediously dull work, and a test cycle may take longer than the original writing process. But it is much better for a tester to spend the time finding the bug so it can get fixed before the app goes out the door, than for a user to find the bug the hard way and lose data or miss deadlines.
No amount of reading code makes up for the lack of serious QA. MS has more testers for some of its products than many open source apps have users. And guess what, those "many eyes" still missed some bugs. Just imagine what the code would be like if they just stuck a greek "b" on the box and let the users find all the bugs themselves.
Re:Really? (Score:2, Insightful)
If Microsoft was annoucing that for $200 you could buy the latest version of WindowsXP, I think do not think many people would bite. With commercial companies, they want there product to function right out of the box. Over the years, I have not had many chances to install Windows, but when I have it worked great. It's only ever I start playing around and "tweaking" things does the system start going a little haywire. And granted, like you said, not all the bugs can be caught. (Even user created ones.
But, with freely available source code, you better know what you are getting into when you download the source. I am not going to discredit the developers because I am sure many of them try their best to have the software work as well as it can. They have there own QA procedures and debug methods which might not qualify them for Six Sigma but it shakes out some bugs. Those downloading the beta stuff know it might still be buggy and are usually sympathic to the developers and will report bugs if they run into them.
Mozilla is are great example of such a product. Using Bugzilla, users can post bugs and errors they find in the course of running the software. I admit this isn't for the weak of heart or the computer illiterate, but then again, how many computer illiterate people are going to want to install Linux and download Mozilla - or any other free software for that matter - for their system. Unless they have an interest in learning about Linux and becoming computer literate, I say very few.
I should have originally stated that public beta testing or "screwing the user" is one of the ways to shake bugs out of the code. I am sure developers do their fair share and they look towards interested users who are willing to help. Especially if you can't afford a QA department, in the free software world, public beta testing isn't such a bad deal. Not ideal mind you, but not too shabby either.
(And I should add, you will have those developers who are like "Listen. This works on my machine. If it doesn't work on yours, fix it. I'm too busy to deal with you." And in that case, there public beta testing is really "screwing the user".)
How does GNU suffer ? (Score:4, Insightful)
GPL software liability would be born by the distributors, and not by the authors (as the article claims). Distributors of software merely need to be reasonably accurate as to the capabilities of their software. Authors of software have no real issues.
Microsoft has a lot of its retail sales go through OEM manufacturers. Those OEMs would bear a heavy liability. So you can predict that the OEMs would rapidly reconfigure Windows to turn off all the nasties like ActiveX, auto-execution of attachments, automatic installation of servers like IIS, macro executable capabilities in Office, etc. Essentially, they would make Windows secure by default.
But I think reasonable liability for software sellers is a good thing.
Re:How does GNU suffer ? (Score:2, Insightful)
Yep. IANAL, but liability attorneys aren't likely to sue Open Source authors because A) there was no money actually paid to them by customers, and B) Open Source authors aren't likely to have as much in the way of financial resources as the software publishers. When you sue in a liability case, you go for the deep pockets.
Re:How does GNU suffer ? (Score:2)
How about corporations that contributed to thr free software codebase? They may just hav ethe deep pockets or insurance to cover a claim. In addiotn, with enough people writing code, *someone* may just have enough assets to cover a claim. I guess, in theory, someone could name everyone involved with the development of the code and then collect from homever has the assets. Even if you have no money, the threat of being sued may be enough to stifle development. As for companies, they'd have to think before getting involved with free software about the liability danger.
Re:How does GNU suffer ? (Score:2)
After that they can start making REAL money. When you limit the analisis, the evil minds win.
Re:How does GNU suffer ? (Score:3, Insightful)
I'm going to now go out and make a distributing company! Yes, now not only do I have to peer review EVERY line of code that goes into what I distribute, but I have to accept liability for it if it screws up! Yeah, I'm sure VC would be totally into that.
Re:How does GNU suffer ? (Score:3, Insightful)
I disagree with this. All it would take to put the fear of a lawsuit into all developers considering releasing code under GPL is one large organization who had a vested intersest in shutting down GPL code. [microsoft.com] I wonder if anyone like that exists.
Re:How does GNU suffer ? (Score:2)
Simple. I go to my boss and say I want to do X, and package Y suits our needs. Boss runs the Software License by legal(which is standard practice in most companies) and legal tells us we can't use it because of the liability disclaimer.
Right now everybody has one of those disclaimers, but if the law changes... that makes the commercial software all the more attractive.
Re:How does GNU suffer ? (Score:2)
There will always be a niche for business needs to be filled by software backed by businesses. This in no way indicates it will come without liability. Call up IBM and ask them for a service contract with liability. Or RedHat. Or any other service oriented UNIX company. GPL'd software can be gotten by distributors that will provide reasonable assurances of its function. The difference between it and proprietary software is that GPL'd software can also usually be obtained for free with no liability.
Re: gradients (Score:2)
IMHO, it would be best to have a gradient of solution, depending on the problem. For a simple example, a desktop user may use unwarranted software for a shopping list, but should requiere a warranted product for shopping on the net.
A warranted product would be a product that conforms to some fixed requirements. For example, the shopping software (or tool) should be open source, or audited, or the company selling/offering it should be liable in some cases.
Not all products should be in the same bag. My scheduling program is important, but not as important as my bank accounts (for example).
Re:How does GNU suffer ? (Score:2)
It is pretty simple - do the math.
If OEMs are contractually obliged to ship software as configured by Microsoft, then who is liable under lemon laws ?
Re:How does GNU suffer ? (Score:2)
Not really. There has to be a sale for there to be a contract of sale, and for there to be a lemon law. It is not like the authors sell you a CD with the software with more than a charge for copying it. When you download some free software from a web site, legally you are distributing it (since you are making the copy).
Imported software (Score:2)
Not true... (Score:2)
a disclaimer that states "This is beta software only and is not to be used for anything important. We guarentee that it will break, lose all your data, and possibly burn down your house and several near it. DO NOT USE THIS SOFTWARE"
that will instantly make it immune to any "lemon law"
Re:Not true... (Score:2)
It's funny, not offtopic.
Re:Not true... (Score:2)
a disclaimer that states "This is beta software...DO NOT USE THIS SOFTWARE"
that will instantly make it immune to any "lemon law"
It would also instantly make it immune from any serious IT department!
Re:Not true... (Score:2)
Interesting comment - not by me (Score:5, Interesting)
by Anonymous Reader on 2002.05.11 13:21
I am not a lawyer (thankfully), but I do know that if I pay for something, and it fails, I am entitled to compensation. If it fails from negligence or designed error, then there can be punitive damages. But let's examine the case of a Linux/BSD web server, running Apache, MySQL, and PostNuke.
To be safe, I download for free a non-commercial Linux such as Debian, or FreeBSD. I might be mistaken, but both are developed by groups of people, and anyone is allowed entry if they are competent enough coders. But a group is not a company. The whole corporation/private/public/IPO thing. I acquire, freely and legally, a copy of their work. They might have benefactors and patrons, but that isn't the same as employers.
So I download Apache, MySQL, and PostNuke. All fall under the same category. Maybe MySQL doesn't, then just replace MySQL/PostNuke with Perl/DBI.
So now a huge bug develops, a hole so large, it had to be coded in Redmond. I lose all my data, my competitors get my secrets, and I'm on unemployment line next to Enron execs. Who do I have to blame?
Let's see, someone or some people worked on a project that was supposed to do some particular task. They made it freely available, source and all, so that others might work on it as well. They made no claims about it's security, stability, etc. Others may have, but they did not misrepresent the software in any way.
I did not contribute, but I saw an opportunity to use their work. So I did. They received nothing from me, not money, not anything. And, the whole time, the company kept no secrets about the product, and in fact, by making the source available, does just the opposite.
There was no intent to decieve, nor any misrepresentation. By not purchasing the product nor any sort of service contract, I entered into no agreement with the group.
Going in, I understand the risks. I assume the responsibility if problems occur. This is 180 degrees different from microsoft, since they make plenty of claims, and since there is a legal agreement between a company and microsoft, and because they are marketing a product with known liabilities.
No, free/open source software doesn't stand to be shut down, rather it stands to gain tremendously. The problem is for companies like RedHat which sell and service open source software. So, form the commercial standpoint, it hurts linux companies who don't have billions to spend on lawyers, like er um, microsoft. But it doesn;t hurt open source software.
rob mandel
^^^----- Posted anonymously here [newsforge.com]
Re:Interesting comment - not by me (Score:3, Insightful)
I don't even think that it will hurt Red Hat too badly. Normally (except in the case of injury or death), the vendor's liability for any product is limited to the purchase price. And Red Hat's business model is to make money off the consulting services, not particularly off the CD distributions. So they should be able to cover small claims on this front. And remember, even if a huge company installs it on 250 machines and sues, they probably only bought one copy, so the liability is still small.
Even better, the way lemon laws work gives the vendor an option: return the purchase price or fix the problem to a customer's satisfaction. If an Open Source vendor runs into a huge bug with hundreds or thousands of claims, they are also likely to have a small army of developers (which they don't have to pay) working on fixing it. And so, they can get the fix, and distribute the patch to settle the claims. Customers like that even more than getting their money back.
Re:Interesting comment - not by me (Score:3, Interesting)
1) Is the fix made in a timely manner? If I base my business on a webstore that you wrote in your spare time, will you be able to get me a fix within 8 hours in the middle of your final exams?
2) Does the fix solve the customer's problem? What if it is a performance / scalability problem, you designed the app to handle 100 transactions per day and the user wants to do 10,000? It dosen't need to be a technical problem either - what if the software is just too complex to use?
Then, consider all of the overhead that the distributer needs in order to (a) test the problem to make sure that they can reproduce the bug - you don't want your developers to get thousands of bogus bug reports (b) find and communicate the problem to the developer (c) and communicate the status to the user.
I think that this is a larger issue than most slashdot readers realize.
Re:Interesting comment - not by me (Score:2)
[I know I'm going to burn through more karma for this!]
But couldn't the same be said for commercial software? I don't see the magical line between "I paid money for something [hard cash, commercial software]" and "I paid other people money [bandwidth, CDs, whatever] for something". One thing I've learned in my life is to never underestimate the law and lawyers; those that pay almost always come out on top. Open source developers do not have the money to fight such suits, and will gladly fold into oblivion if challenged (see recent Wine contributors, DeCSS, bnetd for case examples).
To create a law which provides for liability with software (i.e., Free Speech) seems very dangerous. Even if the intent is to punish those who are making incredible sums of money by shoveling out the most bug-ridden piles of garbage imaginable, it also impunes upon the hobbiest, the casual geek and the open source divoute (if, for nothing less than the threat of a lawsuit). Joe Programmer with his wiz-bang open-source program recieves a summons to a court 2,000 kilometers away is already out the time spent there and the plane tickets -- what is he more likely to do? Give up; which is just as awful as if he'd been found guilty of writing a program (Free Speech, again) that destroyed someone's data. Furthermore, he will serve as a warning to all other programmers (writers of Free Speech) that they should never, ever, under any circumstances release software that does anything.
For all the grief that this would cause Microsoft; it would be worse for us, if only because we don't have a team of lawyers on retainer.
attractive nuiscence (Score:3, Informative)
I didn't charge anybody anything... I didn't even give permission for it to happen. Yet I am still at fault.
Just because I don't profit off of a transaction doesn't give me a right to put somebody at risk - financially or physically - unless perhaps I am completely forth right; and even then often not. And simply saying "Well, at your own risk," is not completely forth right, not even close.
The only different with purchasing the product is that the legal agreement is explicit. And in an explicit agreement risk can be accepted by the customer. But in the implicit agreement it is assumed that risk is accepted only if it obvious.Otherwise you're buying the right not to be put in a dangerous situation. Which u can't buy because u fundamentally own this as a citizen.
As for the suggestion that there can't be a law suit because there is no company - I think it is pretty clear in the american litigation system there are no lack of defendants.
Not a lot of sense here... (Score:5, Insightful)
The legislation would skyrocket production costs for Microsoft if the company were forced to release foolproof products.
Why would this happen? Car manufacturers used the same "skyrocket production costs" argument with the lemon law with cars. But it just doesn't mean that everything needs to be perfect. Instead it just ensures some basic quality control such as practiced in Japan [loyola.edu].
As for free software, it would just mean that some of the legal entities that support a packaged product (i.e., Red Hat) would be held to the same standards. IANAL, but if the FSF says 'this isn't a complete product' they can't be held liable any more than a tire company could be for some idiot putting the wrong tire on their car.
Re:Not a lot of sense here... (Score:2, Insightful)
Microsoft has 40 billion dollors to play with, are you telling me they can't used the money to debug thier software to without raising prices on thier software?
Lemon Laws actually helped the auto industry. (Score:2)
Re:Not a lot of sense here... (Score:3, Interesting)
The only reason I mention the Japanese is the car manufacturing example I used. (Did you look at the link I provided?) The principles of quality control are universal and were actually imported by the United States: The quality movement in Japan began in 1946 with the U.S. Occupation [loyola.edu]
Now, why would Japanese companies like Toyota (which started basically in someones garage) be able to take market share from companies like Ford (who began mass production)? Because they actually applied the quality control principles. Ford, &c., were selling an inferior product, which the "lemon laws" were meant to protect consumers against.
The same is true for software. Maybe we'll get some "lemon software" protection, but the only thing that's really going to get compaies like Microsoft to start making reliable software is real competition.
Unfortunately, it's needed (Score:3, Interesting)
Some sort of "lemon law" that would REQUIRE the publisher to either correct bugs, and distribute patches for free, or else refund the purchase price IS needed.
What needs to stop is companies like MS being able to leave gaping holes in their products, then correct some of them, and releasing them as "upgrades", ala Windows 98 SE and ME... Those were not really "new" OS's, they were service releases that increased the stability of `98...
In all honesty, the commercial software publishers have brought this on themselves. Sure, MS distributes patches for free for the worst holes (ala, the ones that make Code Red, Nimda, and Klez work), but the fact is, they let their products LEAVE the house with those bugs in the first place.
I see bad consequences for free software out of this, created for it by the closed source companies. Perhaps there can be an exception written in for companies that release source, and in effect, have industry wide peer review of their code.
Eventually, if such a law isn't passed, sooner or later the sharks are going to class action sue and crack away ALL such limitations in the EULA's.
There is too much money and lost productivity happening right now due to software defects.
What we need is a defined list of responsibilities, passed into law, that can't be EULA'ed away.
Re:Unfortunately, it's needed (Score:2)
That's VERY debatable... They added new bugs...er...Features!
I refer you to.. (Score:2)
How many times do I have to say it? (Score:3, Informative)
Neither the federal government nor any state has ever had any sort of warranty/liability law that would affect gifts (transactions involving no payment or consideration), unless the defect was willful and intentional (ie trojans). There is no negligence protection for gifts. I highly doubt that any such software lemon law would break with this ancient precedent.
The GPL clause disclaiming only nondisclaimable warranties exists solely for severability purposes; the "unless prohibited by law" clause appears in almost every warranty disclaimer.
The law only needs some refinement, but it's good. (Score:2)
The only little detail the law is missing is that people should be expecting what they pay for. If you pay hundreds of thouthands of dollars for lots of software licenses that is ment to be run doing mission-critical operations, the developer should be held liable for his work, because he's getting quite a sum of money. This shall not applicate to Free Software, since it's duh, FREE. You don't go around asking for support for a 10-year old TV set you got for free from a friend.
Does anyone even know for sure what exactly does this law look like ? How many revisions is it supposed to go through ?
Limits? (Score:2, Insightful)
Re:Limits? (Score:2)
heh (Score:2)
Wouldn't Affect Free/Open Source Software (Score:3, Interesting)
While IANAL, I did consult one about this once - when you give something away, you have no obligation to the recipient. Specifically, the recipient can't sue you if the product is defective in some manner.
Re:Wouldn't Affect Free/Open Source Software (Score:2)
You are a moron.
Free and Open Source software is distributed under a contract [gnu.org]. The only software that's not distributed under a contract is public domain software.
Re:Wouldn't Affect Free/Open Source Software (Score:3, Informative)
I am a lawyer, and as such I know what a contract is. Last time I checked, it requires mutual consideration. If you allow people to download your software for fee, it's a gift, not a contract.
Maybe you should check your facts before calling someone a moron.
Re:Wouldn't Affect Free/Open Source Software (Score:2, Insightful)
I might be way off, but As far as I can tell, that clause allows me to ignore the GPL, as long as I don't want or need the permissions it gives me. And those are for distributing and modifying, not using. You got the right to use the software when it was given to you.
That's how I read it anyway.
Re:Wouldn't Affect Free/Open Source Software (Score:2)
No, you're the moron.
A contract is a legally binding agreement made for mutual consideration.
The GPL is a license given to redistribute a copyrighted work and derrivatives of it. It is unilateral permission given by an author to do that which a person normally cannot. There is no mutual consideration and no mutual obligation.
Re:Wouldn't Affect Free/Open Source Software (Score:5, Informative)
IANAL either, but I did take a business law course taught by a lawyer. What you said is not quite true (at least not in NY state). When you give somebody something (not for any consideration), then you are not liable for negligence. However, you are liable for gross negligence. Gross negligence is defined as negligence which "shocks the conscience of the court".
My understanding is that it is very difficult to shock the conscience of the court, especially when you're giving something away for free. I suspect that as long as one doesn't knowingly include genuinely malicious code and keep quiet about it, that a software developer who gives away their code for free will be more than fine.
I suspect, though this is just a guess, that RedHat could probably take the position, as long as they made it clear to purchasers, that they are providing an installation and aggregation service, they are not actually selling the code that they didn't write. Thus they would be liable for bugs in the packaging or installation but not in the aggregated software. This would be reasonable, IMHO, and probably legally OK, too. Of course, that's just pure speculation on my part.
The lemon law doesn't apply with source (Score:2)
Granted Apache should serve up web pages and FTP should transfer files and php should work on the server to generate HTML pages or whatever else you programmed it for. AS ADVERSITED...
But, with open source code, you get the source code, you get access to the entire open source community.
With open source, you get to roll you own on if you want a particular product to something nobody ever thought of making that product do.
With M$ or anyother canned software company, you'd better be able to convince them that its in their interest ($) to provide it.
With open source, you get to take out features you don't want in the product.
With M$ or anyother canned software company, you're fucked . Features NEVER disappear regardless of how stupid, downright bug-riggen, security hole prone or outright nefarious they are.
GPL'ed software comes with the source. Feeling screwed? You can DO something about it.
Re:The lemon law doesn't apply with source (Score:2)
I think, that in this case, under a properly written lemon law, the distributer will be liable only if the binary does not match the source, and therefore caused damage.
Americans should remember how they destroyed ... (Score:4, Interesting)
It got so that anyone who flew whilst drunk and crashed a plane that he hadn't maintained for years could sue the manufacturer for many millions with a fair chance of winning. And even if the manufacturer won their legal costs would wipe out the profit on many aircraft. So basically the US lightplane industry closed down. (It has since started up again, as a shadow of its former self, following some law changes.)
OK, that didn't affect all that many people. Closing down the software industry would be a different game altogether.
What about failing components? (Score:2, Interesting)
I really don't understand why this is called a lemon law, actually. A car that's a lemon doesn't work, or works for a while and then throws a rod or something. I don't quite see the analouge between that and software.
In fact, someone mentioned a web server dying at some important moment, and the users of that web server losing a lot of money (ebay or amazon or something). Does this qualify under a lemon law? If I have to get somewhere important, and my car doesn't start, can I actually sue the makers of the car?
The difference... (Score:5, Insightful)
Meanwhile, their EULA practically says that you're better off playing Russian Roulette with five bullets and only one empty chamber, than to trust their software in a mission/enterprise-critical environment. We can't get access to their source code to check it for bugs ourselves, which would shift liability to us if we could do so, did, and then okayed it for use-- we just have to take them at their word, and hope that the server farm doesn't melt down and bankrupt our company.
Free software, on the other hand, is just 'out there'-- it's like finding a still-wrapped condom on the street. Sure, you can pick it up and use it, but if bad things happen, well, how is that anyone's fault but your own?
Liability-eliminating EULAs are an affront to any kind of truth-in-advertising regulations. A software company should definitely be able to be held financially liable for losses caused by failings in its products-- not to a degree that would instantly put them out of business, but a fair amount. Say, equal to their annual marketing/advertising budget?
Let's look at it with the car company analogy. Suppose Ford's commercials said that the airbags in their cars would save you and your family's lives? Okay, now suppose someone dear to you was killed in a head-on collision while driving a Ford. How would you feel if, when you tried to sue, Ford said, "But wait, your loved one agreed to the EULA by deploying the airbag... let me read you this paragraph from it that says, if the airbag does not work as we said it would, we aren't liable."
Liability is a complex creature (Score:3, Insightful)
Most cases aren't as clear-cut. Continuing on the car industry example, can you hold a vendor liable if you're not wearing seatbelts, and suffer serious injury as a result? Probably not. Can you sue if you are injured in a parking accident by the airbag? Probably not. Now, why were you injured in the first place by said airbag? Because they are inflating with the power required to restrain a person not wearing seatbelts. Anything wrong with this picture? You bet. The consumer has a responsibility of his own, in this case: wearing the seat belt.
Liability is eventually determined by a judge and a jury, and in corner cases it's just a lottery, which is why car manufacturers err on the side of safety -- theirs, not the safety of the customers who are wearing seat belts.
The same thing is looming on the horizon when a software lemon law gets introduced. Vendors will still go to great lengths to skirt their responsibility, and even if that works to "improve" the product, chances are the consumer will be hurt in the end.
For a preview of things to come, look at Microsoft's security fix to Outlook. It is available, so like seat belts, common sense holds that if you don't apply it, you willfully accept the consequences. But unlike seat belts (which are at worst an inconvenience), applying this patch will cripple Outlook beyond being usable.
You can't win this one. Frankly, I'd settle for a law that demands truth in advertizing w.r.t software products.
Its the implementation... (Score:2, Interesting)
Technically, under thet respect, it doesn't apply to Microsoft either.
If you buy a uesd car, and in the next couple months have to put a lot of money into it to keep it running (i.e. a prime candidate for the 'lemon law'), you don't sure Ford/GM/whoever for making a crappy car that no longer works, you sue the person who sold it to you. In effect, you sue the distributor for charging you for a crappy product, not the publisher.
It should be the same with software. Microsoft ships software to retailers and OEMs, windows get sold to consumer, consumer is unhappy, consumer sues retailer/OEM. After this, the OEM will no longer buy windows from Microsoft, so the quality of the product and the strength of the corporation will be indirectly affected, but it shouldn't be directly. If 50 owners of windows sue Microsoft, many will lose as they don't have the resources to beat out a large corporation in a legal battle. If Dell or HP/Compaq stopped selling windows with its PCs because they got a very large bad review from those consumers who bought their PC, it will have a much larger impact on Microsoft and its lines of products.
In this case also, with OSS, the writers would not be the ones who can be sued, but the corporations (RedHat, Hummingbird, Ximian et. al)
Perpetual Beta? (Score:3, Interesting)
If this were to happen, it might actaully help the public, forcing the commercial vendors into a system where they actaully have to admit that thier product is never finished. Maybe then the public would stop shelling out money every time the latest edition comes out, lining the pockets of Gates and company.
you've got to be nuts (Score:2)
That is - what would happen if shrinkwrap limitation of liability clauses would be banned?
Any company without $40 billion in cash to pay for lawsuits would go out of business. Microsoft would rule the world.
Lemons have specific defects (Score:2)
But software systems are complex, and they will always have bugs. And the industry is too powerful to permit a law that would not recognize this and regulate it the same way simpler products are regulated.
All of us who have written software know why we want to disclaim liability, and people who use it know why they accept those disclaimers. It's a hard problem to figure out if there is a middle ground that will satisfy both user and author.
Disingenuous on the part of the "community" (Score:2, Insightful)
If sensibly implemented, this would put the burden of responsibility on commercial distributors of open source software. If I download an open source product from some coder's website, there's no transaction, there's no contract, and no liability. However, if I pay $100 to RedHat to purchase the same software, that should be treated the same as if I paid Microsoft for the same, and they should bear the burden of responsibility.
I would even go so far as to say that such a law would be good for open source developers, if not the open source "community" which is full of many leeches. Many of the companies that sell open source software these days are playing the "something for nothing" model; they take open source software that someone else has written, put it in a box, and charge for it, without undertaking development themselves. (See, for example, the controversy over OpenOSX.com.)
This is, of course, a much better business model than conventional software development... they get all of the money for none of the work. These are the people who would be most hurt by product liability laws... and forcing people who profit from the open source community to be responsible for it as well doesn't seem like such a bad idea to me.
Don't worry (Score:2)
Microsoft is our friend here.
Limit liability to multiple of software price (Score:5, Interesting)
Microsoft and the Lemon Law (Score:2)
What about drivers, programs with Ring0 access? Giving a program access to the hardware is an inherent liability because it can cause a crash. Then you get into the interactions of various drivers..I've had cases with DriverA running HardwareA and DriverB running HardwareB. There was a crash, and removing HardwareB solved the problem, but so did simply upgrading DriverA. Who's at fault?
Windows, by itself, is actually quite stable. If these laws come about, what would end up happening is that Microsoft would always shove off the blame for a "lemon" on a third party, and they'd have the money and lawyers to do it.
Re:Microsoft and the Lemon Law (Score:3, Insightful)
I'm a big Linux advocate. I run an OpenBSD box. The primary reason I have a windows machine at all is because the support still isn't there for gaming and video editing. Yes, there are decent video editing tools for Linux. They're not as good as the Windows equivalents, or they're multimillion dollar software used to edit movies like the Matrix.
I'm just not a zealot. I recognize where the problems lie, and I recognize when there's a use/market for a particular product. Windows has it's place, and it's current incarnations, it's quite stable. When Linux gets support from software makers, it will have a place on the desktop. Until then, it simply can't give the end users what they want.
Protect free (as in either) software (Score:2)
Haven't you ever seen the phrase, "In no case shall [provider]'s liability be construed to extend further than the price paid for the product." If I buy RedHat from LinuxCentral.com for $10, I don't think I can reasonably expect to sue them for a million dollars. Can't they explicitly state that I can't?
a full 180 (Score:2)
The only instance I'd be ok with this is in embedded systems for medical devices, etc, where if stuff doesn't work... people DIE. So in this case, the problems of intervention are definitely outweighed by the possible weight of what could happen if the gov't doesn't stand in. As it is, most embedded systems like this do have a good reputation (if they didn't, they'd cease to exist), but when actual lives are at stake, it's a different issue, so the added weight of punishment for negligence, etc, is acceptable.
Quick question (Score:2)
How can you be sued for providing information to someone?
If this does come to pass, it'll mark the last time I distribute a binary, that's for damn sure.
Limiting Liability (Score:3, Informative)
I would think that something like this would work for the larger Open Source projects. If they could have the requirements of the project documented (i.e., what it is suppose to do) and have tests written to verify this, then they may have a out. The problem is M$ case is that they know of the problem, or their quality process is not sufficient, and do nothing about it.
He's right... Here is a different solution. (Score:5, Interesting)
I think any liability laws would unfairly punish smaller companies.
Some people are in favour of Lemon Laws specifically because they dislike Microsoft and think that Microsoft software is insecure. This is stupid and shortsighted.
Deal with Microsoft's monopoly abuses seperately. Monopolies come and go but bad legislation is forever.
Create laws that arm consumers with security information. Perhaps a grading scheme where software that doesn't connect to the internet is given a A rating. If it is a client then it gets a B rating. If it is a server it starts at C then for every three exploits within the last year the rating increments by one.
After you have informed the consumer you can let the market decide. If they still use software with a G rating then that's their own problem.
Re:He's right... Here is a different solution. (Score:3, Insightful)
Create laws that arm consumers with security information. Perhaps a grading scheme where software that doesn't connect to the internet is given a A rating. If it is a client then it gets a B rating. If it is a server it starts at C then for every three exploits within the last year the rating increments by one.
I think this sounds pretty nice, but it has problems. For instance, clients are not necessarily more secure than servers, a well-written anonymous ftp server could theoretically be infinitely more secure than a poorly-written web browser which downloads and executes code without express permission.
Also, most linux distributions would minimally start at a "C" rating under this scheme, while windows 98 would begin at "B" (without enabling "file/printer sharing"). Which do you consider to be more secure on the average? Do the ratings reflect that?
These problems are indicative of a greater flaw in this scheme, software doesn't have to rigidly conform to _any_ model, be it client/server, P2P, etc. Laws take a long time to be changed, software can be changed in weeks (witness Microsoft's court history.. pretty soon they might be stopped from producing Windows 95 ;) - if we draft laws or even form committees which define certain software paradigms as insecure, software will simply change paradigms to achieve a higher rating until the ratings-board is able to change criteria to match.
Alternatively, we could have panels of elected security-analysts pore-over every piece of software that is voluntarily-submitted for a rating (in source form), at a cost to the software producer (based on some criterion I don't know), and they could arbitrarily grant ratings based on their findings.
I don't know that this is the best solution, but it sounds more practical, it's similar to other analogous (movie ratings, supreme court, etc.) systems for ideal-compliance which are already in place and doing a reasonable (not perfect) job.
Thoughts?
Does a problem really exist? (Score:2)
I say companies should fire incompetent people that don't maintain systems. That last thing we want is regulation in the software industry.
Only promise that it does what the source says (Score:2, Interesting)
Ask Microsoft to ship full source code with their products for a full disclosure of what it actually does. Since they're not willing, you have to take their word for it, which is hardly comforting.
This wouldn't effect MS, see here... (Score:2, Interesting)
1) Is all of your hardware HQL approved?
2) Are you running only Microsoft products (if you have a single custom ASP page running on your server answer no)?
3) Are you running the current versions of all software and protocols used?
4) Do you have all current updates and service patches applied?
5) Was/Is your installation completed and maintained by someone who is MSCE for every aspect, component, and method of use for the MS software and protocols you are using?
If you have answered no to any of these questions, you are TSOL.
Assuming tort-reform... Is SW a toaster or a book? (Score:2, Interesting)
Open Source software can be much like a public park. There should be an exemption for free, public *anything* that doesn't involve criminal negligence. If you don't pay admission, it would be up to you to make sure you don't do anything stupid on the play equipment.
At that point, Red Hat, SUSE, etc. can assume as much or as little liability as they want as they add a paid layer on top of the commons.
Further, Source is stuck somewhere being a device (like a toaster) or a book. If you don't like the ending of a book, or how the cake turns out, the book is in no way defective. If you can't follow instructions, or even if you simply won't, or the instructions are wrong or dangerous, you normally can't sue the author. You can sue if the toaster is defective and is actually an ignition source when used as directed.
An EULA in the usual form Microsoft uses basically declares it to be a device. If I can't read it or analyze it or quote it, but only use it, it is a device and not a book. Also it says you don't even own it (even the single copy as under copyright).
GPL on the other hand says lets discuss, improve, analyze the work, and by the way, you can run it and maybe use it to do something useful (like a recipe in a cookbook). It might be used as a device, but it is still a "book". And I think you could tweak the GPL if necessary to make it legally fall into the same liability category as a book.
Between tort reform, and resolving the device / artistic work dichotomy, I think GPLed software would thrive.
But we do not have wise leaders, and Microsoft sends more money to prevent clear thought on the part of our legislators.
Lemon Law's got flaws (Score:2, Insightful)
It doesn't include "It's free, use it on your own risk, it's not final version"
In general it excludes licenses like commercial, GPL, FreeBSD, etc. as they are now, but it can't exclude open wide beta testing, prerelease promotion. So, with adding to GPL restrictions clause like that, that would define software as such, would be possible to avoid lemon law restrictions.
Software in development never matures to it's final stage. Yes, I know people like 1.0, 2.0 etc. But where is the final stage? Simply defining always "Development in progress, but this is what it's done so far", would avoid that kind of law. On the other hand people have no signed contract or receipt to show that as evidence at the court.
I know that in case such law would be passed, I would just make a clause on my web page. "ENTER" if you.... "LEAVE" if you.... Works for XXX pages.
Putting on web page something likethat is easy. Here is an example
"Enter if you're interested in this software, but by entering you agree that this software hasn't matured to it's final stage (at least out of legal points, which don't allow free software to be passed on in different way, then being treated as work in progress), you also agree that software has provided you with license which defines how this software should be treated regarding distribution, usage etc. just the same as this software would reach it's final stage.
Considering legal points passed by "lemon law", this clause and describing maturity state of this software, it's unfortunate necessity for this software being able to be passed on freely."
Of course, I'm from Europe and I'm not concerned with stupidity like that.
Hope somebody is not offended with my bad English...
This has happened before (Score:2)
Now I don't know if his fears are well founded or not, but I'm sure he had some reason for taking the action of yanking the previously available source. Perhaps an anti-lemon law with an explicit "software made available for no cost is exempted" would be better, although even then I'm not so sure it's a good idea. Should Red Hat be held responsible if one of the beta products in the distribution is buggy (say, the situation with Mozilla a year ago)? Besides, what level of bugginess is okay? Is 99% uptime sufficient? 99.999%? 100%, every crash results in a lawsuit? I just don't know about this...
Full waranties are quite reasonable (Score:4, Insightful)
First, warranties only are meaningful in the context of a commercial transaction. There's no reason to expect a warranty on a free good. So this is not a problem for free software.
Second, warranties aren't that expensive to manufacturers. Under 5% of the cost of a car is in the warranty. More to the point, in the gambling industry, where full financial responsibilty for errors and downtime is the norm, GTech, which runs lottery systems, pays out about 0.3% of revenue in penalties.
Compensatory damages and blame management are real issues. But this comes up in other areas, and the suppliers work it out between themselves, as in the Ford vs. Firestone tire failure issue. In computing, we should expect full warranties on the OS from manufacturers who preload an OS. Let Dell and Microsoft argue between themselves who's responsible.
Finally, manufacturers who don't offer a full warranty should have to put a giant "AS-IS" on the box, like those signs that appear on used cars.
Americans, HELLO! We're here, too! (Score:3, Interesting)
Something that really bugs me is the comment that this lemon law could kill "OpenSource and Free Software" alltogether. In the case you guys from the US haven't noticed: There are other countries with other laws.
Of course here in Germany a vendor or producer is liable for what he sells, too. But this liability has limitations! In Germany you CANNOT sue McDonald's because you failed to notice that coffee may be hot and McDonald's hasn't provided you with that information! You CANNOT sue a toy company for selling Superman capes without providing a warning that those capes won't give you the ability to fly! And even if you can sue a company for liability (i.e. because they failed to give notice about poisons or side-effects in their products), you won't be rich!
German jurisdiction mostly follows the customs and the common sense. That means: if you pay 1000 Euro for product A it is NOT regarded in the same way as product B which you got for free.
Besides: do you really think that OpenSource and Free Software are dead the same moment the US leaves the building?
lemon law (Score:3, Insightful)
This bill cannot kill open source *development*. It may, however, make the selling of open source software much more difficult. If this bill passes, companies like RedHat would now be liable for bugs in Linux. Of course, RedHat can (and does) take a snapshot of Linux and make lots of modifications and tweaks before making a release, but there's no way they're going to catch all of the bugs. They're best bet would be to get heavily involved in the system of releases of open source software. This will be very tricky, though, as developers will not be happy to see a company have such control...
Jason
Re:anonymous coders (Score:2)
In fact I don't see how you can clearly submit a work to be in the public domain unless you identify yourself as it's author. Remember, all works are automatically protected under copyright upon creation, whether you add the magical Copyright (c) sydb 2002 or not.
Re:anonymous coders (Score:2)
Surely such an act cannot be trusted.
Re:No warranty anyway (Score:2)
Re:No warranty anyway (Score:2)
That's why I raise the point.
Re:No warranty anyway (Score:2, Interesting)
Source code is like the plans for a car. Are plans copyrightable? Patentable?
Compiled code is like the car itself. Same question as above.
Re:QA (Score:2)
To prove liability there has to be neglect. If cars are produced in a plant where all the safety standards are met, then if something happens to the car, it is considered an act of God.
There would need to be an industry-standard QA process in order to prove that a particular company was neglectful and therefore responsible for damages caused by product failure. If a company followed the standard process, then no hard could be done if a bug made it into the released version.
Re:market forces change not laws (Score:2, Insightful)
OK, now that there's a monopoly situation, it's not just the market in the driver's seat anymore, at least on the desktop. But it was still a relatively free market when consumers had the choice between feature-laden dreck and more tightly-focused products with better quality. So now they change their minds and want quality? The market allocates resources according to buyer's preferences, and generally does that efficiently. That doesn't mean that buyers always choose the technically best product.
Anyway, the real driving force in this initiative is the lawyers trying to get their mouthparts into a nice big pool of cash. And if they happen to destroy another industry in the process, well, it won't be the first time.
And there's not even the consolation that more regulation will hurt Microsoft. Higher barriers to entry tend to protect monpolies, not break them up. It's the little guys and the innovators who will be screwed. They don't have the deep pockets to pay the lobbyists to subvert the regulations. And if GPL'd software happens to become a victim of collateral damage, Congress and the legal profession won't give a shit, because there's no money in it for them anyway.
So it's not about us needing more laws, it's about which laws will most benefit the greed and lust for power of those who actually run this country. Parasites don't care about their host's freedom, only about how much blood they can extract. The underlying problem is that they're making the decisions in the first place, not us. Nothing will change until that changes.
Re:Easy fix. (Score:2)
Well, I'd figure those blueprints were there for a reason. So that if there was any problem, I would be in as good a position as posible to fix it myself. I doubt that the blueprints would eliminate manufacturer liability, but seems like they would go a long way in that direction.
Re:Disclaimers OK if you publish the source (Score:5, Insightful)
I think publishing the source should allow the disclaimers to be in force. MS does publish the source to some customers, and GNU to everybody. With the source you can (in principle) verify the functionality and absence of backdoors, and you can (in real life) fix problems yourself instead of having to wait for a Service Pack or other official upgrade.
This is pretty much the key. All that is needed to get OSS off the hook is the line in the documentation "This product does exactly the source code says it does. All other documentation is purely opinion."
Re:Free Software - Refund the purchase price. (Score:2, Interesting)
If a company has a larger annual profits, you sell exactly the same solution at a proportionally higher price. This means that the seller can be trusted, because it is in their interests to produce a piece of software that is as reliable as possible, and the buyer buys piece of mind. It also provides an answer to "Who do you sue if open source software goes wrong".