New Oh, that sounds good....
...at the outset. Apply it to open-source, however (specifically GPL-ed & BSD-ed software). Who is 'accountable'? All the coders? The folks controlling an OSS project? The people who distribute OSS products? And this is to be legislated? Such legislative action would effectively make open source illegal - and worse, given the monopolized environment, MS would then be the only legal alternative - regardless of whether its products are actually 'secure' or not. (Not that you'd know - MS wants to silence those that reveal security flaws, remember)

Be careful what you wish for. This is a solution that only L.A.M.E. could love.

Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.
New Ben already broke that one down for us
What was the alphabet soup for that one, SCCCA IIRC?
We have to fight the terrorists as if there were no rules and preserve our open society as if there were no terrorists. -- [link|http://www.nytimes.com/2001/04/05/opinion/BIO-FRIEDMAN.html|Thomas Friedman]
New That was copyright protection, not security
But I doubt that security would be handled more wisely.

Cheers,
Ben
New But don't they intend to "secure" copyright protection?
That's the crux of the laws for copyright: prohibiting circumvention of the copyright "controls". So the copyright issue is argued as though it were one of security. They know that if it were "only" about money they couldn't act so self-righteous.
New The language makes differing goals easy to confuse
The purpose of security is generally to prevent people from using computers and computing resources in ways that are not authorized by the owners/administrators of said computers.

The purpose of copyright is to restrict people from using documents in ways not authorized by the author or current copyright owner of said document.

The significant difference is the question of whether the owner of a machine is allowed to use the machine and data on that machine as they intended. The goal of the SSSCA was to answer this in the negative. My objections were to the fact that the SSSCA prevented people from choosing how they wanted to work with their own computers.

Cheers,
Ben
New My proposal
If it walks like a sale, and talks like a sale, then it is a sale.

And implicit warranties apply. And cannot be disclaimed.

In short, if you do something that resembles a sale too closely, whether you call it a sale or licensing, whether the direct sale was with you or a third party with permission to relicense, you are liable.

If you give it away, you are fine. But anyone who is selling a CD with open source software is taking on that liability. (And that liability is exactly what you are selling.)

This would put software on approximately the same grounds that everything else is. If I sell you a hammer which is prone to twisting and knocking the nail into you, I am liable. If I sell you email software which is prone to well-known macro viruses, I should be also. Whether or not I try to pull a fast one and claim that I didn't really sell you anything.

And in the same vein, if Microsoft and a bug-finder agree not to avoid telling consumers of a serious consumer risk for extended periods, that is collusion and should be treated as such.

The whole industry would howl over that. But I think it is fair. Software companies shouldn't be allowed to do an end-run around existing liability laws. Sure it is harder. But does anyone think that designing safer cars is easy on Detroit? What makes software special? That most programmers are incompetent? I think not!

Cheers,
Ben
New Curious about turn-of-century autos
With respect to product liability and so forth.

Probably not liable for *anything*, except actual damages. A car hits your horse, the driver is probably liable for the damages to the horse.

Wondering how that might apply to today's software.
"Beware of bugs in the above code; I have only proved it correct, not tried it."
-- Donald Knuth
New Returning an honest question with an immediate response...
The turn of which century?

That was honestly my first question when I read your title.

But yes, there was little liability for early autos. Which in turn had a tendency to fall apart in collisions. And cars continued to not pay much attention to safety until the government began passing laws about it and (probably more importantly) a lawsuit over a design mistake of the Ford Pinto resulted in [link|http://www.uoguelph.ca/~sharoon/a1/A1disaster.htm|huge judgements]. (Advice to executives everywhere. If you do a back of the envelope calculation of how much it costs to do things right versus how much you expect to pay for lawsuits over early deaths, make sure that envelope gets destroyed...)

Before that the attitude was that safety doesn't sell. After that it was that unsafety costs. The software industry is definitely at the point where security doesn't sell. I would like to see it moved to the latter one...

Cheers,
Ben
     NAS gets into the act - mandate accountability (?) - (Ashton) - (8)
         Oh, that sounds good.... - (imric) - (7)
             Ben already broke that one down for us - (drewk) - (3)
                 That was copyright protection, not security - (ben_tilly) - (2)
                     But don't they intend to "secure" copyright protection? - (drewk) - (1)
                         The language makes differing goals easy to confuse - (ben_tilly)
             My proposal - (ben_tilly) - (2)
                 Curious about turn-of-century autos - (wharris2) - (1)
                     Returning an honest question with an immediate response... - (ben_tilly)
