RE: product liability (was 'we should all be uncomfortable with t he extent to which luck..')
From: William Allen Simpson [mailto:wsimpson@greendragon.com] Sent: Tuesday, July 24, 2001 11:43 PM
Perhaps a different approach is in order -- product liability.
Network operators have been injured by the distribution of buggy software from M$. We need to be compensated for our time and expenses.
End users need to be compensated for their costs to upgrade.
A check in the mail would be a better incentive to administrators than "automatic" updates.
Now *there's* a thought. However, all software companies carry product liability insurance. It's sometimes called a shrink-wrap license. You might actually try reading it the next time you purchase and install software.
At 03:05 AM 7/25/01, Roeland Meyer wrote:
From: William Allen Simpson [mailto:wsimpson@greendragon.com] Sent: Tuesday, July 24, 2001 11:43 PM
Perhaps a different approach is in order -- product liability.
Network operators have been injured by the distribution of buggy software from M$. We need to be compensated for our time and expenses.
End users need to be compensated for their costs to upgrade.
A check in the mail would be a better incentive to administrators than "automatic" updates.
Now *there's* a thought. However, all software companies carry product liability insurance. It's sometimes called a shrink-wrap license. You might actually try reading it the next time you purchase and install software.
It does seem odd as a consumer that my car didn't come with a shrink-wrap license. I can imagine what it'd say if Microsoft owned Volvo: "We make no guarantees that this car is suitable for driving on highways, dirt roads, or anything in between. Customer assumes all responsibility for the suitability of this product to any use." And add to that: "Check our website every so often to see if we've found any design flaws in your car. If we find any, we'll make fixes available to you eventually, but you have to pay for and supply your own trained mechanic to install the fixes." ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranth.com
Roeland Meyer wrote:
From: William Allen Simpson [mailto:wsimpson@greendragon.com] A check in the mail would be a better incentive to administrators than "automatic" updates.
Now *there's* a thought. However, all software companies carry product liability insurance. It's sometimes called a shrink-wrap license. You might actually try reading it the next time you purchase and install software.
I'm not a party to the EULA. For the sake of argument, ISPs are the party that the SUV hit when it rolled over after the tires exploded.... (actually, because of our proactive action and filtering, we had exactly zero customers that were still infected by Jul 20th. But we had to spend the manpower and technical support -- that's worth something!) Also, you may have noticed that shrink-wrap licenses are valid in only two places: Washington (state) and Virginia. This would be a Federal class action. Joe Shaw wrote:
And with this latest threat of code red, Microsoft would have been covered anyway, because a patch for this exploit existed well before CodeRed hit. They released a patch for the indexing server on June 18, 2001, which as you know is a full month before CodeRed. So, people had a MONTH to prepare for something like this, and it's a sad statement that they did not.
Actually, although the patch was released, M$ lied, saying it was only needed by web servers. We have since learned that *ALL* W2K and XP systems were vulnerable. Fraud and misrepresentation?
human somewhere wrote some bad code. It happens, and continues to happen on a daily basis.
It's long past time that humans were held accountable. Funny, the engine electronics in my car doesn't seem to be vulnerable to these failures.... Maybe it's the extensive (years) of testing and code review? Why should I have to pay for the desire of M$ to be "first to market", or more usually, "last to market but cheaper". There is no other industry where such bad practices would be acceptable. It shouldn't be in ours, either!
Security requires vigilence, and there seems to be too little of it out in the world.
Agreed. -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
William Allen Simpson wrote:
Also, you may have noticed that shrink-wrap licenses are valid in only two places: Washington (state) and Virginia. This would be a Federal class action.
Didn't the Digital Millennium Copyright Act make shrink-wrap licenses valid nation-wide? -- David
David Charlap wrote:
William Allen Simpson wrote:
Also, you may have noticed that shrink-wrap licenses are valid in only two places: Washington (state) and Virginia. This would be a Federal class action.
Didn't the Digital Millennium Copyright Act make shrink-wrap licenses valid nation-wide?
No. You are thinking of last year's electronic signatures act -- an act that has no signatures, merely "sound, symbol, or process". After much debate, including contact with staff of the Senator that introduced the bill (now secretary of energy after we kicked him out of the senate), I have written assurances that normal contract law will always supercede, and nobody can be bound to anything that they have not yet seen and affirmatively acknowledged. And I expect the companies pushing the law will argue otherwise, and the courts will decide.... We had a recent success on web site terms of use. The result is, you have to hide the entire site behind an agreement page, and securely prevent anyone from accessing the material without going through the agreement page. I'll point to another "success", although not for an intangible good. My 3 year old powerbook came with a power brick. The warranty has long since expired. The "shrinkwrap" agreement says they are not liable for consequential damages. Yet, Apple is sending free (no cost in any way) replacements! Seems that 6 out of several million got too hot and caused a fire. (They do get hot!) Now, is that responsible corporate citizenship? Or enlightened self interest? Or fear of bigger (punative) penalties? Whatever it is, we need more of it.... -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
On Wed, 25 Jul 2001, William Allen Simpson wrote:
David Charlap wrote:
William Allen Simpson wrote:
Also, you may have noticed that shrink-wrap licenses are valid in only two places: Washington (state) and Virginia. This would be a Federal class action.
Didn't the Digital Millennium Copyright Act make shrink-wrap licenses valid nation-wide?
No.
You are thinking of last year's electronic signatures act -- an act that has no signatures, merely "sound, symbol, or process".
You're thinking of UCITA - the proposed revisions to the Universal Commercial Code. These WOULD make shrink wrap licenses a lot more powerful and painful. The good news is that UCITA has to be enacted state-by-state, and an increasing number of big players (e.g. large, corporate software buyers) are lining up against UCITA. ************************************************************************** The Center for Civic Networking PO Box 600618 Miles R. Fidelman, President & Newtonville, MA 02460-0006 Director, Municipal Telecommunications Strategies Program 617-558-3698 fax: 617-630-8946 mfidelman@civicnet.org http://civic.net/ccn.html Information Infrastructure: Public Spaces for the 21st Century Let's Start With: Internet Wall-Plugs Everywhere Say It Often, Say It Loud: "I Want My Internet!" **************************************************************************
Apparently, you replied to the wrong message. The innermost refers to UCITA and its UETA sibling, only enacted in 2 states. David was referring to the DMCA of 1998 (see http://thomas.loc.gov/cgi-bin/bdquery/z?d105:HR02281:@@@L&summ2=m&|/bss/d105query.html| for legislative history.) Then, I was referring to the more recent e-signature act (see http://thomas.loc.gov/cgi-bin/bdquery/D?d106:1:./temp/~bdh8zW:@@@L&summ2=m&|/bss/d106query.html| for legislative history.) -- William Allen Simpson Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
participants (5)
-
Daniel Senie -
David Charlap -
Miles Fidelman -
Roeland Meyer -
William Allen Simpson