Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Taking On Software Liability - Again

Zonk posted about 9 years ago | from the round-two dept.

Software 382

An anonymous reader writes "You may remember an article in which a BBC correspondent wrote an article criticising current software licenses. In answer to the huge discussion that this brought about, he has written another article defending his views. From the article: 'It is possible to make error-free code, or at least to get a lot closer to it than we do at the moment, but it takes time and effort. Doing it will probably mean that commercially-available code is more expensive and cause major problems for free and open source software developers. But I still believe that the current situation is unsustainable, and that we should be working harder to improve the quality of the code out there.'"

Sorry! There are no comments related to the filter you selected.

yeah (2, Informative)

jomynow (552972) | about 9 years ago | (#13753436)

not gonna happen its like asymtotical or something. you keep spending money developing and finding buys and keey going yet getting less returns out of it.

yeah-Computer Snafus (0)

Anonymous Coward | about 9 years ago | (#13753663)

Well here's a question, Mr Informative. Have we reached the "point of diminishing returns"? Why bring up a point, that we haven't even gotten close to yet? In fact, after reading this [] . I'd say that we have a long way to go.

Then let him do it. (3, Insightful)

BoomerSooner (308737) | about 9 years ago | (#13753441)

I've got an idea. For non-software developers with great ideas. You program some piece of software for 5 years and then warranty against any bugs or failures. Oh btw, it must be priced competitively with current offerings. This guy can go wank himself in a corner somewhere. Perfect software doesn't exist. If you want something done right, your best bet is to do it internally to your company instead of outsourcing. Walmart is a perfect example. Do it right with people that feel they have ownership in the software they are creating and you'll get a better product. Plus, Arkansas (and my state too) are like Bangladesh anyway in the wages paid to software developers.

Re:Then let him do it. (1, Interesting)

MaskedSlacker (911878) | about 9 years ago | (#13753457)

Perfect software is possible, with due diligence. I submit TeX into evidence.

Re:Then let him do it. (0)

Anonymous Coward | about 9 years ago | (#13753841)

Yes, but TeX is a 25-year old (or more) piece of software that does not evolve any more.

Bullshit (3, Insightful)

EmbeddedJanitor (597831) | about 9 years ago | (#13753477)

You have this attitude because you're a programmer. If civil engineers said "so what, bridges fall down" everyone would be up in arms.

Bug free software is possible, so long as it is done right and people are prepared to pay for it. Right now, software is mainly "good enough" and "cheap enough". What is "good enough" and what is "cheap enough" will depend on what is being done.

Re:Bullshit (2, Insightful)

Anonymous Coward | about 9 years ago | (#13753532)

You have this attitude because you're a programmer. If civil engineers said "so what, bridges fall down" everyone would be up in arms.

If a bridge falls, people die.

If an order entry system fails, it gets rebooted/patched/datafixed and it's back within minutes/hours, good as new. Some time is lost, but no lives.

For software that's life-critical, the quality bar is set much, much higher.

Having non-programmers tell programmers that they expect all software to be as reliable as a bridge is ridiculous, particularly since they don't appreciate the cost of what they're asking for. Those programmers silly enough to try and meet those requirements will quickly find themselves out of business when they first ask for $300 million dollars to develop an order entry system.

Re:Bullshit (4, Insightful)

Anonymous Coward | about 9 years ago | (#13753865)

If a bridge falls, people die.

If an order entry system fails, it gets rebooted/patched/datafixed and it's back within minutes/hours, good as new. Some time is lost, but no lives.

Okay, forget bridges. Think appliances.
I heard about a case against Hamilton-Beach because a nut was falling off on their blenders. To paraphrase you, "spin the nut back on, it's back within seconds/minutes". People don't take that kind of crap from things they understand, why should they take it from software simply because they don't understand it?

For software that's life-critical, the quality bar is set much, much higher.

One would hope so, but where are the programmers and managers going to learn how to work that way when the other 99% of software is made shit-poorly? I heard about a $20,000 accounting package that was done in VB. I have nothing in particular against VB, but it's not an appropriate tool to do a large, serious mission-critical system like that. Yet they get away with it because nobody holds them accountable.

Having non-programmers tell programmers that they expect all software to be as reliable as a bridge is ridiculous, particularly since they don't appreciate the cost of what they're asking for. Those programmers silly enough to try and meet those requirements will quickly find themselves out of business when they first ask for $300 million dollars to develop an order entry system.

How about programmers doing it?
All software does not need to be as reliable as a bridge. Mission-critical or life-safety software does. Software sold in high volume should be reliable, because the cost can be amortized, and small defects that only cost a minute or two are multiplied by millions of users to become big problems. That's what class action is all about. Simple stuff like an order entry system should be done simply, and therefore not have problems.

If I buy a product that doesn't work, or that has obvious defects, I have a right as a consumer to compensation from the company that sold a shoddy product. That's part of how we keep companies from knowingly selling crap and pretending it's good. Now, the libertarian view is that if a company is selling crap then the consumers will stop buying from it, but when the whole industry is selling crap and the average consumer doesn't understand the situation well enough to recognize that, what is a consumer to do?

Analogy: picture the auto industry in the 70s. American cars weren't terrible, but the quality control was bad enough that the cars were totally inconsistent. The big three would tell you that making defect-free cars would raise the prices to the point that nobody could afford a car. People accepted this, because they didn't know better. Then the Japanese showed up. They delievered cars that, while not perfect, blew away the big three in terms of quality, and at very reasonable prices. It can be done.

will quickly find themselves out of business when they first ask for $300 million dollars to develop an order entry system.

Now, at the risk of being a Slashbot(tm), I can think of a major software company which has historically been known for low quality, high volume consumer software. I seem to recall that they have something like $40bn in cash on hand. Seems to me that they could afford an extra $300m on each and every product they have ever put out without jeopardizing their company financials. As an industry leader, perhaps that would force other companies put out better software.

Then again, it's always nice to have the easy excuse when my software crashes.
"It's a Windows bug, what do you want me to do about it?"

Re:Bullshit (1)

timmarhy (659436) | about 9 years ago | (#13753545)

no, the problem is opening the flood gates of ligitation. software firms mostly don't have enough money to defend against this kind of shit.

and also, for the most part bugs AREN'T costly. 99% of software no one dies if it crashes. and software that IS that critical does get that kind of treatment and never does fail. so your analogy with the bridge is the only bullshit here mate.

this guys problem, is he expects complex software to never crash. he also has no idea about just how much that extra testing he is reffering to will cost. it would make a version of windows be priced right out of anyone's budget. and it's just not possible ot make 100% bug free software anyway. he needs to just eat his fucking humble pie, admit he knows NOTHING about what he is prattling on about and STFU.

Re:Bullshit (2, Insightful)

servognome (738846) | about 9 years ago | (#13753684)

and also, for the most part bugs AREN'T costly. 99% of software no one dies if it crashes. and software that IS that critical does get that kind of treatment and never does fail.

Exactly, it's the customer's responsibility to demand a certain level of quality they feel comfortable with and pay accordingly. Just as you don't use the same cheap metal for a skyscraper that you do for a back yard fence. There are markets for high quality programs as well as low quality programs, it's up to the customer to find their comfort level.

Re:Bullshit (4, Insightful)

interiot (50685) | about 9 years ago | (#13753681)

Bug free software is possible, so long as it is done right and people are prepared to pay for it.

BINGO. Why not let the market decide?

If it's like earthquake-prone apartment buildings in Tokyo, then it's reasonable to step in and mandate that everyone, no matter how poor, should pay for software designed to a government-mandated quality standard. Until then, why not let buyers and sellers decide on their own?

Re:Bullshit (3, Insightful)

Anonymous Coward | about 9 years ago | (#13753781)

Civil engineers don't warranty their bridges against hostile attacks (DDOS, worms, trojans), for multiple planets and gravities/atmospheres (Win XP, 2K, ME, 98, GNU/Linux, FreeBSD, OS X, i386, x86-64, PPC, Abit, ASUS, generic) or make it do anything but sit there, not having to interact in any way but to hold things up. What's the software equivalent of a bridge? cp? Let me know when civil engineers make anything as complex as Firefox. The only engineering equivalent of modern software is the Space program, and that stuff does fail. Rockets carrying satellites explode on the launchpad. Shuttles break apart. Dress rehearsals turn deadly with too much oxygen sparking fires. Liquid fuel tanks explode. Insulation melts. O-rings don't expand fast enough due to cold. The list goes on.

Outright crashes of software will disappear with better methodologies (including things like interpreted languages, or C# or Java). However there are a million other complex ways that software can still do something other than what you WANT.

Re:Then let him do it. (0)

Urza9814 (883915) | about 9 years ago | (#13753546)

Perfect software is possible! I've done it! Sure, that was one person in about a week...but still! :-P

Re:Then let him do it. (1)

ucblockhead (63650) | about 9 years ago | (#13753712)

While you are correct, that perfect does not exist, it is also true that the way most software is developed, with arbitrary deadlines, poor testing and deathmarch coding, is responsible for much of the bugginess of modern software.

If software companies spent the time and money quality takes, then they would produce software that is less buggy. Not bug-free, but much less buggy.

Anyone can do it... (1)

shmlco (594907) | about 9 years ago | (#13753803)

Yeah, you can point the finger at management issues, but I say competency is another. Letting anyone and his cousin's brother develop software is another major cog in the wheel.

Unlike almost every other branch of engineering, software has no accreditation standands or process. Totally unlike, say, those civil engineers who built and designed the bridges we're using as a comparison. You'll notice that the vast majority of those don't fall down after a day's use.

Firefox : free but as buggy as IE (0)

Anonymous Coward | about 9 years ago | (#13753447)

It is quite obvious that the quality of open source code is not great - but since it was done 'free' those developers can walk free. But if I pay a developer to write some code, and his incompetence introduces bugs... I want to sue his ass off!

Re:Firefox : free but as buggy as IE (-1, Offtopic)

$RANDOMLUSER (804576) | about 9 years ago | (#13753536)

Blow me.
I went to McDonalds the other day and ordered a Quarter Pounder, and they put cheese on it!!
I'll sue!! McDonalds should sue their own employee!!
Again, blow me.

Re:Firefox : free but as buggy as IE (-1, Offtopic)

Anonymous Coward | about 9 years ago | (#13753706)

That's because a plain Quarter Pounder isn't on the menu anymore. If you said Quarter Pounder, the default is with cheese unless you explicitly tell them to customize it "Without Cheese".

Yuck! (0)

sk999 (846068) | about 9 years ago | (#13753863)

Happened to me once as well (regular burgers, but what's the difference). Gaaahh! I smell a class-action suit - sign me up!

There's more to it than just the code (5, Insightful)

Namronorman (901664) | about 9 years ago | (#13753448)

This guy sounds like he's just full of hot air because of a bad Norton AV installation. If one program causes something "devastating" to happen, who is to decide that it's not the user's fault, the compiler's fault, the programmer's fault, the OS creator's fault (and if it's OSS, who's package etc?), or the hardware's fault?

The computer world if full of many variables and I don't see this happening anytime soon, though with recent laws you never know.

Re:There's more to it than just the code (2, Informative)

DAldredge (2353) | about 9 years ago | (#13753583)

Lawyers and Judges would decide.

Re:There's more to it than just the code (0)

Anonymous Coward | about 9 years ago | (#13753635)

Now that is just fucked up!

Re:There's more to it than just the code (2, Interesting)

Anonymous Coward | about 9 years ago | (#13753590)

but that is not the issue. He is pointing out that companies EULA's exclude liability even if the fault is their own. You also seem to be getting hung up on who's to blame instead of who is liable.

As most commercial software is shipped precompiled it isn't an issue for the end user is the compiler buggered it up or not. Standard contract law means you sue the company you brought the product off that is faulty and they then sue the people who created the fault and exposed them to the liability. This is as legally by selling something you are saying that what you are selling will do what it says.

If there is a clear flaw in a product that you buy and it causes you harm you can sue the retailer. If it's software they will claim that EULA terms exempt them from liability.

There's more to it than just the chaos. (0)

Anonymous Coward | about 9 years ago | (#13753795)

"The computer world if full of many variables and I don't see this happening anytime soon, though with recent laws you never know."

Translation: This computer stuff is too complex. Why didn't I become a dentist instead?*

*Free hint: The whole process of software development is about the managing of complexity to tame it and create something useful from chaos. And quite frankly we haven't really tried to do so, and in fact work against any efforts to do so in the name of preserving the illusion of programmer power and control.

LINUX USERS. (-1, Troll)

queef_latina (847562) | about 9 years ago | (#13753451)

Go fuck yourselves. What else are you going to do, besides stay celibate?

Go fuck yourselves.


hvatum (592775) | about 9 years ago | (#13753503)

That's been shown to be impossible! Otherwise I would do it 24x7.

Error-free software... (2, Insightful)

hummassa (157160) | about 9 years ago | (#13753452)

is stale software. Bit rot guarantees that all users will migrate from error-free, real stable software, to new-full-of-bells-and-whistles but error-ridden software in 0 time.

Re:Error-free software... (4, Interesting)

Concerned Onlooker (473481) | about 9 years ago | (#13753643)

A couple of quarters ago I was taking a software engineering course. Our instructor told the story of a debugging competition which used a mature piece of software that was known to be error-free for the test case. A fixed amount of bugs were then introduced into the code and the teams all had a crack at it. At least one of the teams found bugs in the code that were not the ones intentionally introduced. I'm paraphrasing here, but in other words they took a piece of software that they knew to be bug free due to its having been intensely examined by many programmers, yet another bug or two was found.

Truly error free is not a likely state for software.

Re:Error-free software... (3, Interesting)

fbjon (692006) | about 9 years ago | (#13753762)

There was an analogy with a bridge earlier. Bridges are designed with redundant security, you can (usually) put a lot more weight on them than what they are rated for.

In the same vein, instead of trying to make every part of the code perfect, how about designing some redundancy into the code?

I leave it as an exercise for the reader to figure out what the hell that means.

Re:Error-free software... (1)

nmb3000 (741169) | about 9 years ago | (#13753830)

I leave it as an exercise for the reader to figure out what the hell that means.

Have you been reading my Calculus textbook? If I had a nickel for every time I saw that...

The Market Decides (4, Insightful)

the eric conspiracy (20178) | about 9 years ago | (#13753462)

The fact is that the market has already decided the answer to this. People buy the least expensive software they can get away with. If the application is unreliable enough to regularly lose data it gets flushed out of the market. If it works well enough and is for the desktop it becomes popular. If it is used in critical applications where data loss is not tolerated they you have stuff like Oracle which people pay $50,000 per CPU for.

Re:The Market Decides (3, Insightful)

Husgaard (858362) | about 9 years ago | (#13753539)

The fact is that the market has already decided the answer to this.
And the problem with this guy is that he doesn't like what the free market has decided.

He wants laws to be passed that would make some (or all?) kinds of disclaimers on warranty and fitness for a particular purpose illegal for software.

He wants it in the name of "consumer protection", but he does not realize that the consumers are not interested in paying the higher price tags this would put on software.

The only ones whom this would really protect would be corporations big enough to buy costly insurance against claim. They would be protected against competition from Open Source software and smaller companies that would drop out of the software market because of the risk of liability.

Re:The Market Decides (1)

shutdown -p now (807394) | about 9 years ago | (#13753786)

And the problem with this guy is that he doesn't like what the free market has decided.
Wouldn't you say it is a perfectly valid position, though? "Decision" of the free market is essentially the decision of the majority, but there's always an (unhappy) minority too.

For the record, I do believe that he is right, to an extent. Software should be less buggy and there are ways to improve the situation. And yes, I am a programmer.

Re:The Market Decides (1)

idlake (850372) | about 9 years ago | (#13753616)

The fact is that the market has already decided the answer to this. People buy the least expensive software they can get away with.

That's because quality and security are properties of software that are difficult to evaluate for most buyers; people end up with worse software than they actually need. This is a standard example where markets fail to reach the overall optimal outcome.

Re:The Market Decides (2, Insightful)

Lucractius (649116) | about 9 years ago | (#13753667)

This is exactly right.

If you look beyond the x86 desktop market, theres a LOT of software thats close to bug free. and the companies that Pay for things like high performance Oracle soloutions, massively parralel Solaris on Sparc systems, "continuous computing" (ULTRA high availability with high levels of disaster tollerance) OpenVMS on Alpha or Iatanium...

Companies that will pay more than $ 250 000 USD on a single sytem demand the highest quality of code, and these companies DO deliver it.

OpenVMS is renouned for it, the OpenSolaris code shows how hard sun have worked to keep all bugs out, in the 3 months since they open sourced it, i think the tally of bugs found stands at 7. for how many thousands of lines of code... just 7 bugs.

Its when programers are pushed into these "Rapid Development" tools and enviroments that these standards can never be realisticaly achived. Which is unfortunate... But not everyone wants to pay thousands, or wait years bettween aditional features.

Re:The Market Decides (1)

falconwolf (725481) | about 9 years ago | (#13753755)

People buy the least expensive software they can get away with.

No, people don't buy the least expensive software otherwise more people would be using FOSS not proprietary software. The'd also keep using the same software instead of upgrading both the software and the new hardware the software requires.

If the application is unreliable enough to regularly lose data it gets flushed out of the market.

I disagree here too, I don't know how many tymes people loss data because Windows crashs, yet it's the most widely used desktop OS.

Oracle which people pay $50,000 per CPU for.

Which points out that people don't buy the cheapest software, there are other DBMSs out there that are cheaper.

Now I realize you may be thinking of TCO, Total Cost of Ownership, but if so I'd ask how much the new version of Office will save the buyer over the cost of a new computer and the new version of Office? Though not all the tyme, I'd bet many tymes the old software is adequate for the job, unless of course it's bug ridden, but if so then it shouldn't of been put on sale.


Re:The Market Decides (0)

Anonymous Coward | about 9 years ago | (#13753822)

Oracle aint that good, btw

he is full of shit (4, Funny)

Lehk228 (705449) | about 9 years ago | (#13753463)

There is also a big difference between consumer software like word processors and web browsers, and the massive information systems used internally in large companies.

The companies writing the large systems usually have contracts which mean they are liable for damages, and this increases both the cost and the reliability of the resulting programs.

I must assume he doesn't work with internal apps much.

author is obviously unfamiliar with free software (4, Insightful)

twitter (104583) | about 9 years ago | (#13753468)

it will probably mean that commercially-available code is more expensive and cause major problems for free and open source software developers.

Everyone knows that most free software, by virtue of peer review, has fewer bugs and errors than commercial code does. If what he means is that you have to be licensed, bonded and "protected" by a corporate staff of 800 pound gorillas to write code, then free software will have problems. Such a missallocation of resources still won't buy him better code.

This whole issue is a troll the non free software companies come up with every few years. It's a mistake for them, however, and will blow up in their faces. Free software will overcome such nonsense the same way Good Samaritans do. Worse, what kind of society would outlaw exchanging of advice on how to do something? That's what sharing source code it. Why not outlaw engineering texts instead?

Re:author is obviously unfamiliar with free softwa (1, Informative)

Anonymous Coward | about 9 years ago | (#13753567)

Everyone knows that most free software, by virtue of peer review, has fewer bugs and errors than commercial code does.

No, I don't know that.

Would you mind telling me it's basis?

OSS software typically has fewer bugs because most OSS projects are so small in scope that it's possible to kill most bugs within the useful lifetime of the software.

The large OS software (Mozilla, Linux, OOo) that exists typically has as many bugs (or more, in the case of Firefox -- note [] all the exploits being released for it, now that it has market share) as it's commercial counterparts.

Where did I get that idea?

I pulled it out of my ass, just like you pulled that crap out of yours.

Re:author is obviously unfamiliar with free softwa (4, Insightful)

Xugumad (39311) | about 9 years ago | (#13753691)

And you get modded down. Genius.

Seriously here people, most free software is complete tripe. The popular projects you hear about, Linux, Firefox, etc. are just a small fraction of what's out there. Peer review only works if people are interested in your project.

Open source tends to be written by/for people who care more about stability than features, and that's a major help, but it is not miraculously better. How many people here have actually sat down, and looked over the source of an open source project to check for bugs/exploits?

Re:author is obviously unfamiliar with free softwa (4, Insightful)

twitter (104583) | about 9 years ago | (#13753862)

Seriously here people, most free software is complete tripe. The popular projects you hear about, Linux, Firefox, etc. are just a small fraction of what's out there. Peer review only works if people are interested in your project.

You realize what you said is true, circular and bad news for commercial software, don't you?

What you call "tripe" is what the author wanted to get done and what no commercial software vendor would provide. Score one for free software - meeting user needs.

The "popular" projects do indeed rock and will be better than anything commercial because no firm can match the development effort. Look at the gnu debugger. The last time I checked it had more than 87 authors. Show me a commercial debugger that gets that much attention. That's just one of the thousands of gnu projects that make free software actually work. Score two for free software - in the end, what needs to get done gets done better.

Finally, you are half right about peer review only working on projects that other people care about. If you can't find a single other person in the world interested in your project you have a rare project indeed and won't find any help. Most people are not so original and will usually find dozens of projects that do something very close to what they want to do. So far, so good, where did you go wrong? When you turned a blind eye to the most popular non free software getting no such help at all. For all your customers can tell it was written by a lone monkey paid in bananas who was forbidden contact with the rest of the world. Final score - free software 3, commercial software zero.

This message composed and transmitted on a system run with complete tripe that just happens to have more features and run much better than any commercial software available.

Re:author is obviously unfamiliar with free softwa (-1, Troll)

Anonymous Coward | about 9 years ago | (#13753702)

Spoken like a person with zero real world experience.

Re:author is obviously unfamiliar with free softwa (-1, Flamebait)

Anonymous Coward | about 9 years ago | (#13753704)

Everyone knows that twitter doesn't know what he's talking about. This means that any post on Slashdot, authored by twitter can immediately be modded down to -1 because you can bet it's full of assertions and false analogies.

What kind of website rewards utter fuckheads like twitter?

Re:author is obviously unfamiliar with free softwa (0)

Anonymous Coward | about 9 years ago | (#13753775)

ANY software is better off if more people have access to the source, and have an interest in the use or improvement of the software. Just source access is needed for this. Look at JIRA by atlassian for example, or one of the thousands of other commercial software that allow source access (java for example).

99.9% of open source software is buggy rubbish. Just look at the sourceforge graveyard. The best projects have lots of users with a vested interest in the projects success (see linux, gnu, mysql, perl etc). This allows many people to inspect and improve.

Open source per se has nothing to do with it - nor does commercial software. Its the people who have access to the source, whether it be companies or the public that determine the quality, not the license which its distributed with.

Re:author is obviously unfamiliar with free softwa (1)

Detritus (11846) | about 9 years ago | (#13753860)

Everyone knew that the Earth was the center of the universe.

liability iff no source (5, Interesting)

Anonymous Coward | about 9 years ago | (#13753476)

I've said this years ago: software liability should apply on programs you pay for but for which you don't get the source. If money you pay goes to make something you don't have source level control over then that implies the vendor thinks its of sufficient quality that you, the end user, should not have to fix it. If you get the source then there is no guarantee and the distributor should have no liability. This doesn't mean you have to have the right to re-distribute the source -- but you have to have the right to re-build it using commonly available tools so liability can't be limited to one "magic" libarary.

Re: liability iff no source (1)

Jinjuku (762364) | about 9 years ago | (#13753680)

I don't have a problem giving out the source with NDA. It's just that I find most people have a problem paying what I am going to ask for the brains behind 8 years of effort.

I love people who critique whole industries that they have no real working knowledge of

I pretty much think that most of us try to produce clean code, fix stuff when it breaks and learn from the experience

Remember, you avoid mistakes through experience, you gain experience by making mistakes, it's life people get used to it.

So you assume everyone can write code? (3, Insightful)

xswl0931 (562013) | about 9 years ago | (#13753759)

You mistakenly assume that just because someone is given the source code, they are capable of understanding it and making fixes. If your refrigerator manufacturer gives you the blue prints to the frig, does that mean they aren't liable if something goes wrong? Software shouldn't be treated any different than any other product. If there is a safety issue, then the manufacturer should be required to provide a fix. Source code or not shouldn't have any effect.

least content ... EVER! (1)

jonastullus (530101) | about 9 years ago | (#13753478)

that must be the article with the least content in my entire slashdot "career".

no thesis, no argument, no concrete examples of HOW to make software better or HOW to implement such liability.

i do understand this is a follow-up, but why exactly should ANYONE care about this mindless piece of crackpot-tery?

Shouldn't this be handled by supply and demand? (5, Interesting)

Captain Perspicuous (899892) | about 9 years ago | (#13753496)

[ ] vendor guarantees that software works as advertised
could be another checkbox that all software companies are trying to reach.

"What? You don't guarantee works-as-advertised? Well, then I'm looking for a different product."

If computing magazines would update their testing methods and added this one checkbox, Microsoft just might say "oh, hey, we haven't covered that checkbox yet. We need to have every checkbox. Let's quickly drop by the legal department get this in order..."

Great (4, Insightful)

LWATCDR (28044) | about 9 years ago | (#13753505)

The Lawyers will love it. They will launch massive class action law suites and will make millions. If you are part of that class action you will get one dollar.
The software vendors will not fix bugs because to fix them they have to admit they have them and will get the daylights sued out of them.

Re:Great (1)

BeerMilkshake (699747) | about 9 years ago | (#13753568)

Awesome - some of us could go into 'Software Law' - a new discipline and second career! Gotta be better than coding...

Re:Great (1)

deanj (519759) | about 9 years ago | (#13753851)

I think you're spot on.

This is a laywer's wet dream. They've sued the living daylights out of car companies, tobacco, and drug companies... now they're after new blood. If robots ever get really popular, they'll be suing them next.

Now, don't get me wrong. There are plenty of good reasons to hold car companies, tobacco companies and drug companies accountable for things they've done. It's the lawsuits that happen when those companies did NOTHING wrong.... that ticks me off. (Well what a sec.... I find it a little hard to believe that tobacco companies never did anything wrong...but I digress....then again, this is Slashdot, digression isn't that uncommon).

Lawyers. The only good one is yours. The rest stink.

The keys to stable software... (1, Insightful)

borgheron (172546) | about 9 years ago | (#13753508)

The keys are:

* Tell users to stop asking for tons of new features in unrealistic timeframes.
* Tell software managers to actually give individual developers time to develop software the write way instead of insisting that they slam code out.
* Get compentent testers who can help catch any aggregious problems before it goes to market.
* Stop hiring assholes who just have certificates and get some degee holding professionals who actually know what the f*ck they are doing.
* Stop outsourcing to india where most programmers are taught to slam out code no matter how messy it is. (I know this because I've worked with a few people who've come from that environment to the US)

All of the above costs money. If you're willing to spend the $$$$ that all of the above will cost you, you're software quality will improve.

Until then STFU.

Later, GJC

Re:The keys to stable software... (0)

Anonymous Coward | about 9 years ago | (#13753754)

and how exactly am i supposed to do this as a consumer? The article was talking about giving the same level of consumer protection that exists (at least in the UK) on physical products to software products.

A rant about the development side of software has no impact on how an average consumer is involved in the process. Now that computers and software are moving towards being consumer goods I would not be surprised that either new legislation is drafted to give these kinds of "fitness for purpose" requirements on them or existing legislation is interpreted to require them. It was only a few years ago that adverts for computers had to include VAT as they were considered consumer products.

And you don't think the quality of software would improve if companies became liable for these issues and therefore the programmers themselves?

Legislation (1)

beaver1024 (645317) | about 9 years ago | (#13753509)

Software products, the Internet and concepts of open source and free software are so new that our eminent law makers are having severe difficulties trying to comprehend the implications of their use on society. The concepts of negligence, mechantable quality and misleading and deceptive conduct that prevades traditional product liability cases are difficult to apply in cases of software faults, especially when it is free software. Modern complex systems are usually confined to specialised units such that faults can usually be traced to a responsible entity relatively easily (e.g. nuclear power plant). However very complex software products often interact with each other in the mass consumer market sometimes producing unpredictable results which may or may not be intended. Added to this is the question of even who is responsible in a free software environment where the contributors number in the thousands. Traditional legislative framework that govern normal product liability need to be overhauled in this new complex software environment. However given that our eminent law makers will, for the forseeable future, remain wilfully ignorant of the pace of technology change I doubt things will change.

free software (1, Interesting)

Anonymous Coward | about 9 years ago | (#13753515)

Pundits seem to frequently make two assumptions/assertions
1) Free software is less tested than commercial software
2) Free software programmers are programming for free. (The article
claims this without the slighest proof)
But I know from personal experience neither of these is universally true,
and I don't believe either to be particularly true. I wish there was
a great deal real data on these topics, but there does not seem to be.

1) I know proprietary products sold to customers by a commercial
enterprise that were written
by one person and not code-reviewed or even read by anyone else ever. (Ok, not a big seller, but who is to know the statistics of review
in proprietary software? Proprietary software is well hidden...)

2) I know one open source product on which all the key contributors are paid to do
the work because it benefits the companies they work for.
Just not paid by the FSF that owns the product.

My comments don't prove anythin, they just advise caution about pundits
who seem to make questionable assumptions.g

not possible (0)

Anonymous Coward | about 9 years ago | (#13753525)

The possibility of errors rise with the size of the project, number of people involved and competence of the programmer. If precompiled libraries are used those are also a source for errors.

Error free code is another funny concept like police protecting you (they exist to enforce law, not protect you).

He's got a valid point (5, Insightful)

MerlynDavis (637066) | about 9 years ago | (#13753526)

The author has a point here. We accept a lot more ... "bugginess" in software than we do in any other product (Cars, Banks, Tools, etc.) And it's pretty much become the norm that if there are problems, folks just shrug, claim it's just software and move on. But if the folks building bank vaults left as many holes in their products as software, people would be screaming bloody murder. I've done software development as a hobby myself, and don't release my code to the public, because I know it's not even up to my own standards of stability, reliability, security. Programmers/developers need to take more time with their products, and think security & reliability from the start of a project, not as an afterthought. With as many products requiring patches within the first couple weeks of release, consumers do need to start getting angry about this stuff. Or, at the very least, start challenging software companies when the products they do release require more MB in patches than the software was originally....

Re:He's got a valid point (1)

Cave_Monster (918103) | about 9 years ago | (#13753661)

I think it depends on the type of software as to what reaction would be exhibited by someone towards a bug surfacing. If you were running xmms for instance and it crashed while playing your favourite tune, sure it would be frustrating but hey, life goes on and you start it again. If on the other hand the software running on the computers at your local bank seemed to always lose $5 from your account every month, I'm pretty damned sure people wouldn't be shrugging this off. They would be jumping up and down. Same goes for the software running your traffic lights, what if, at an intersection, occassionally you had all lights green? Or maybe the navigation software on the plane you were traveling on fails every now and then? Everything needs to be put into perspective, the price, the use and the time needed to achieve the desired goals.

With respect to OSS, in reality there is no real deadline. Anyone can contribute and there is ongoing development. In industry, companies have deadlines. They need to make money and when the customer says 'I want that software delivered by COB tomorrow', you comply and deliver it whether it's been fully tested and been shown to be bullet-proof or not.

Re:He's got a valid point (0)

Anonymous Coward | about 9 years ago | (#13753670)

I think the big difference is what you lose when a product fails. When software fails it is usually a bit of a headache. When a car fails, we are talking fatalities. Even when bank vaults "fail," you are looking at lost physical value. This is all tied up with the value of digital, easily reproducable "things" vs real physical, non-reproducable things.

I would love to see better software being written, so I tend to work on software when I have the time and inclination. I don't really want to have to pay for someone else to take the time though, and I don't think many others do either or we'd see better software being sold at the consumer level now.

We'll take the "Google News" way out... (4, Insightful)

bbk (33798) | about 9 years ago | (#13753529)

Ah, so he wants people who right software to guarentee their work?

Things will then just never make it out of beta, for fear of the law. If the software breaks "Tough luck, it's still in beta, what were you doing using it for mission critical work anyway?"

This "eternal beta" is also used to avoid other sorts of legal wrangling . The most obvious example is Google News - it's "beta" still because google is worried about capitalizing on other people's news content. While unrelated to software quality, because it's an "unfinished beta", it doesn't get sued out of existance.

So, welcome to using software versons 0.9.9 forever... I can't wait.

Re:We'll take the "Google News" way out... (0)

Anonymous Coward | about 9 years ago | (#13753765)

The readers want people who type to "guarentee" to use spell checkers and know the difference between the homophones "right", "write", and "rite." Please use the Preview button before you submit your next post. How did parent get modded up with such glaring errors in the first sentence?

Nobody wants "perfect software" (yet) (2, Insightful)

G4from128k (686170) | about 9 years ago | (#13753535)

What people want is:
  1. The latest whiz bang feature to impress their friends
  2. The latest feature copied from a competitor's software
  3. The latest feature to be compatible with everyone else
  4. The most feature checkmarks for the PHB to authorize the purchase or selection of a software application

None of these demands fosters reliability. It fosters a frantic race to add features and ship stuff ASAP. Everyone seems caught in a massive vicious cycle of upgrades so that nothing ever stabilizes or matures.

Perhaps if/when people stop finding new uses, new formats, new file types, and new applications, then the industry will mature and people will turn their attention to stability and reliability.

Our Data:an appeal - a "Plimsoll line" for apps (4, Insightful)

NZheretic (23872) | about 9 years ago | (#13753541)

By myself [] from June 14 2002 []

However relatively bad the security of Microsoft's products are in comparison to what the free licensed and open source communities ( as well as practically every other vendor on the planet ) provide, Microsoft is not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as ever other OS and vendor.

From the Plimsoll Club history []

Samuel Plimsoll brought about one of the greatest shipping revolutions ever known by shocking the British nation into making reforms which have saved the lives of countless seamen. By the mid-1800's, the overloading of English ships had become a national problem. Plimsoll took up as a crusade the plan of James Hall to require that vessels bear a load line marking indicating when they were overloaded, hence ensuring the safety of crew and cargo. His violent speeches aroused the House of Commons; his book, Our Seamen, shocked the people at large into clamorous indignation. His book also earned him the hatred of many ship owners who set in train a series of legal battles against Plimsoll. Through this adversity and personal loss, Plimsoll clung doggedly to his facts. He fought to the point of utter exhaustion until finally, in 1876, Parliament was forced to pass the Unseaworthy Ships Bill into law, requiring that vessels bear the load line freeboard marking. It was soon known as the "Plimsoll Mark" and was eventually adopted by all maritime nations of the world.

The risks,issues and solutions for providing a more secure operating and application enviroment have been known for decades.

Those who do not already comprehend the issues and are willing to learn, should take some time out to listen to some of the speeches at Dr. Dobbs Journal's Technetcast security archives [] , starting with Meeting Future Security Challenges [] by Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA)

The design and implementation of some applications and servers are just too unsafe to use in the "open ocean" of the internet.

Numerous security experts have railed against Microsoft's lack of security, best summed up by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc who rightly said: []

Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years...until people stop looking for them. Waiting six months isn't going to make this OS safer.)

However Microsoft's products are not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as any other OS and vendor.

In a recent speech "Fixing Network Security by Hacking the Business Climate", also now on Technetcast [] , Bruce Schneier claimed that for change to occur the software industry must become libel for damages from "unsecure" software. However, historically this has not always been the case, since most businesses can insure against damages and pass the cost along to the consumer.

The Ford Pinto and more recently the Ford Explorer's tires are two examples of public and media pressure being more successful than just threat of lawsuits. Even so, just as with the automotive industry, eventually though public pressure the governments around the world have to step in and pass regulations that set up a minimum set of requirements an automobile has to meet to be deemed "road worthy". This includes crash testing as well as the inclusion of safety equipment on all models. The requirement are not constant and change to meet the expectations and demands of the public and lawmakers.

The onus is not only on the automotive industry itself but also on the users. Most countries require that all automobiles undergo regular inspection and maintain an up to date "Warrant of Fitness".

In the same way, if you want a secure IT infrastructure, eventually the software design, implementation and each deployment will have to undergo the same type of regulation and scrutiny.

Unix,Linux,BSD and especially OpenBSD are currently far superior in terms of security, both in closing the vulnerabilities in applications before they have the chance to be widely exploited and implementing more secure access subsystems ( SELinux/LSM etc ).

However, should the Unix, open source and free licensed communities and vendors be taking a more active approach, including lobbying government, to
1) set up a minimum set of expectations, in the design and implementation of internet "accessing" software ; and
2) ensure that all deployments are more securely implemented ; and/or
3) remove inherently unsecure products from the marketplace,

IMO the above three are preferable to all software vendors, including Microsoft, than attempts to allow liability lawsuits against vendors for deployments which the vendors do not necessarily have any control over.

Bugs in software are a given (1)

hattig (47930) | about 9 years ago | (#13753547)

For now, given the languages software is commonly written in these days.

What the liability should be is for Time To Fix.

A software developer shouldn't be liable for a bug, but they should be liable for unreasonable time to fixes for the bugs. How long is unreasonable? That depends on the severity of the bug as it relates to security and advertised functionality. I'd say that a week was long enough to post a fix in most cases for a replicable bugm certainly no more than a fortnight.

This type of liability might be a problem for spaghetti-code houses that knock out crap without a care. I don't mind if these places get a kick up the backside.

The issue is rushed software development, utilising software programmers rather than software engineers. Liability rules would mean a move towards proper software engineering - the implementation might still be by mere programmers of course. It'll probably take twenty years or so to get to this state I suppose.

Insects in software are a given (0)

Anonymous Coward | about 9 years ago | (#13753705)

"For now, given the languages software is commonly written in these days."

And what language would you recommend?

Re:Insects in software are a given (1)

hattig (47930) | about 9 years ago | (#13753820)

None of them (to my knowledge)! I'm just saying that languages these days are, to varying extents, not stopping the creation of bugs up front. Specification, Verification and Exhaustive Implementation Testing aren't integral. Some have optional features that aid certain aspects (e.g., JUnit with Java) and a decent software house will have their own systems as well, but AFAIK there is no language that integrates all aspects of software engineering into its create-build-test-deploy process.

Are they required for your average desktop application? Certainly Not. _Requiring_ that all software have this (by way of legislating overbearing liability regulations) would increase costs by what? 10x? 100x? How many software programmers are good enough to formally specify and verify all aspects of a design and implementation? The job market will be good for those of us with the skill and ability ...

What we have now is reasonable. If you need near-bug-free software than you can opt to pay 100x more for it, and then get a contact with liability assigned to the creators - and probably then to merely get same-hour attention applied to flaws, rather than for costs. Maybe if some software is totally flawed the law should get it completely removed and refunded as a dud. Totally flawed is not 'I couldn't get it to work', it is 'Thousands of users reported data loss'.

Re:Bugs in software are a given (1)

hattig (47930) | about 9 years ago | (#13753716)

Another point - you know how much you paid the last time you called the plumber, electrician, gasman out to fix something? It was quite high wasn't it, made you think of quitting software engineering and going into plumbing because you worked it out that they must be on £50k ($100k) a year.

20% of that is probably spent up front on personal liability insurance. And that is for a task that can be done correctly 100% of the time if you know what you are doing.

Given software's poor record so far, we'd be looking at personal liability insurance for contractors, or entire companies, being a much larger amount of the cost.

When software engineering contractors start having to ask for wages starting at £200k ($400k) a year, where half of that amount is simply to cover liability insurance, we will end up getting software at 1/10th of the rate that we do now, and only 1/100th of it overall.

Insurance companies will start hiring code auditors, to audit your company's code to assess risk. Unlikely that any company would want to hire someone with under 10 years experience in that case, in case of a poor audit. Any enforced regulation would kill the industry.

So if we ever have to pay £2000 for a web browser, this idiot Bill Thompson will have been the originating cause.

numb nuts (1)

chewy_fruit_loop (320844) | about 9 years ago | (#13753553)

bill thingi that wrote the article likes to jump on the latest band wagon the bbc send him.
from his previous articles, he has scant grasp of the realties of the tech world. he gives his 2 pence worth to the bbc so they can publish another "the sky is falling" piece.

yes perfect software is possible, but you can't possibly afford it

civil engineers do not build perfect bridges, they build them within tolerances. plus you don't normally build a bridge with a box of millions of different bits. you get your lot of girders and cable etc. which are all relatively speaking the same.

Re:numb nuts (1)

Cave_Monster (918103) | about 9 years ago | (#13753683)

bill thingi that wrote the article likes to jump on the latest band wagon the bbc send him. from his previous articles, he has scant grasp of the realties of the tech world. he gives his 2 pence worth to the bbc so they can publish another "the sky is falling" piece.

It's obviously working for them. How many people have now clicked on the link to read his dribble?

More people reading the article = more advertisers feeding money into the BBC = BBC are very happy.

Re:numb nuts (1)

Crunchie Frog (791929) | about 9 years ago | (#13753850)

More people reading the article = more advertisers feeding money into the BBC = BBC are very happy. You do realise the BBC doesn't carry advertising, right ?

Open Source could do it (1)

QuantumG (50515) | about 9 years ago | (#13753556)

The reason you can't use critical systems development techniques to develop applications software is because the cost/benefit analysis is still unbalanced heavily on the side of cost. If you're a company that does critical systems development you have a greater chance of success if you find a client that requires critical systems as the benefit (often, "people don't die") far outweighs the costs. But Open Source turns cost/benefit analysis on its head. When developers volunteer their time the costs can't help but remain low. When the benefits are spread around to everyone, instead of just a select few, large costs can be justified. Sure, we'll need an order of magnitude more developers, and they'll have to learn new techniques, like formal specification and software verfication, but we're geeks, we like to learn new things and we like to have real projects to practice our craft on. How many of us are going to get the chance to develop using critical systems techniques? It'd be fun, and imagine the bragging rights: Four years and counting and not a single bug found. Unprecidented.

I have been wrong before but... (2, Insightful)

Afecks (899057) | about 9 years ago | (#13753570)

I do not think we should automatically exclude free/open source software from our analysis simply because it is produced by teams of programmers working for nothing, and the fact that it is given away does not, of itself, provide legal immunity.

I do, at least to the full extent of the law.

Expecting anything from someone who gave you free/free software isn't reasonable. The fact is, the licenses are there not only to save the developers necks but also to serve as a warning. When something says "AS IS" that means exactly what it says. You take it as it is, faults and all. There is no trickery involved. Nobody tried to sell you a lemon.

Writing error-free code IS impossible because there is no possible way to enumerate all the potential hazards that face the software. In a bubble, on a clean install, software can behave "perfect". Once you let it out into the real world where people have literally an endless number of different conditions on their computers, it's simply not realistic. If the operating system has a single flaw, then the software is inherently flawed as well. We all know about Windows' track record of buginess and of course all OS suffer from bugs. That doesn't mean the developer or corporation is trying to get by with it (well maybe some). It just means that "to err is human".

The way I see it, free software (as in freedom) is a community effort. If it doesn't work, it is just as much as your responsibility to fix it, by contributing either time or money. If you won't help fix it then you are as much to blame as anybody. I guess that sounds harsh but I'm really tired of seeing everyone passing the buck to someone else, especially to the people that are trying to help society by providing possibly useful or entertaining software. These developers are doing us a favor. They don't have to write software for us and we don't have to use it. Expecting anything more than that is absurd.

amazing ignorance (2, Informative)

youngjohn14 (921664) | about 9 years ago | (#13753586)

"The companies writing the large systems usually have contracts which mean they are liable for damages, and this increases both the cost and the reliability of the resulting programs." As an IP attorney working in the industry for the last 14 years, this statement is just so....amazingly....stupid I would have thought the editors of the BBC would have caught it. It is wrong on so many levels. No non-on-the-ropes software developer will bet the company on error-free code. At the most, a developer will agree to correct errors. And MAYBE some limited liability for intentional errors.

shifting the goalposts (1)

sdedeo (683762) | about 9 years ago | (#13753591)

I haven't taken the time to read the prior article carefully, but whatever the point he was originally trying to make has been completely lost in his attempt to shift the goalposts of the argument. (As far as I can tell, his original article said we should be allow to sue programmers for bugs.)

This second article says "people should write better code". Well, um, I disagree! Wait, no. Of course not. Yes, the quality of code should improve, and should always be improving.

The analogy to automobiles seems quite ridiculous. While there are some rare and unusual automobile failures, the basic system you have to check to make sure a car is "fatal accident free" is both completely transparent (mechanical connections that you can fully simulate if need be) and has been unchanged for years. Furthermore, it is possible to "overdesign" -- you know what the failure is going to look like (car hits object stops suddenly) and you can plan against it.

Software is something completely different. Each piece of software does something new (or, at least, it should.) The connection between different components is not transparent and while there are overall structural similarities, and long tested protocols, those protocols are nowhere near as "clean" as a car's drivetrain. Not to mention the fact that truly new software has to invent protocols along with the code.

I would imagine if car manufacturers changed basic facts about the drivetrain or the steering mechanism or the car structure each time they built a new car, they'd have a bug rate close to the average piece of software. And, of course, car bugs are not new -- there are the famous ones, like the Pinto (and less famous ones, like the "suicide doors.") To put things in perspective, when the Pinto was built, cars had been around for decades on decades. Are there any remaining fatal bugs in a classic C compiler?

wrong, wrong, wrong (2, Insightful)

idlake (850372) | about 9 years ago | (#13753595)

It doesn't make economic sense to create some kind of liability for the authors of software; there is no single level of quality that everybody needs.

The best thing we can do to increase software quality is to hold the people responsible who can actually do something about it: the people who buy software.

If your Windows PC crashes and you lose data, that's your responsibility; you could have gotten something different.

If the bank's Microsoft-based database server has a serious security hole and someone breaks in and defrauds customers, then the bank should be held fully responsible for that; they shouldn't be able to shift responsibility to either Microsoft or the person who broke in. That will force institutions like banks to negotiate contracts with software vendors that ensure an appropriately high level of correctness. And there is no need to burden our courts with "hackers"--you won't be able to find and lock them all up, so locking up some of them is not a rational strategy for making computers secure.

In any case, if one wanted to, one could easily make legal distinctions betwen FOSS and Microsoft/Apple when it comes to liability. First, expert users generally have to accept a higher level of responsibility than non-experts. Arguably, FOSS users are, by definition, expert users. Also, for-pay software involves an actual sale, which can easily and sensibly be regulated differently from non-sale distribution when it comes to liability.

bad analogies for software engineering (1)

PMoonlite (11151) | about 9 years ago | (#13753625)

Once someone starts making analogies between building software and building bridges or cars or houses, you can pretty much ignore what they have to say. Engineering software is unlike any other form of engineering in almost every way. All of your cost is in the design and test cycle. Prototypes are available to test for free as development occurs. Building and distributing the finished product is incredibly cheap. Replacing faulty software is typically inexpensive for both parties.

The economies of the situation provide completely different motivations from the realities of engineering a physical product, so there's just not much point in the analogy.

Near perfect software is possible (1)

JoeGTN1 (836394) | about 9 years ago | (#13753626)

Near perfect software is possible:
They Write the Right Stuff [] (I got it from here: Space Shuttle Software: Not For Hacks [] )

Yes, it takes time and money but it isn't unthinkable to change how software is written. Fully understand your customer, and justification for EVERY code change. Code reviews aren't important, they're everything. When the way we think about writing code changes and the procedures become commonplace it won't cost so much to do it this way.

Re:Near perfect software is possible (1)

Cave_Monster (918103) | about 9 years ago | (#13753701)

Not all companies hire the 'best' people. Whether it's because they can't afford them, can't recognise them or just need more people otherwise they can't finish the current project. Regardless of the processes employed at a particular company in developing software, if you only have bunnies, you will always get inferior products.

Not entirely new... (4, Interesting)

cperciva (102828) | about 9 years ago | (#13753629)

Dan Bernstein has offered a guarantee for many years that djbdns and qmail are secure. Now, this is a rather vague guarantee, since the task of deciding if a reported problem is a security flaw lies with Dan Bernstein himself; but it's a start.

I'm currently writing some cryptographic code, and I intend to go considerably further: I intend to offer a guarantee not only that my code operates as specified, but also that it is not vulnerable to any side channel attacks within certain classes.

As the time-to-exploit of security flaws continually decreases, I see only one solution: Writing code which is correct in the first place. If you can do that, you can offer a guarantee. And hopefully once security becomes as larger issue to consumers, people will start looking for guarantees.

Remeber IEFBR14 (5, Informative)

sk999 (846068) | about 9 years ago | (#13753631)

Making bug-free software is much harder than anyone can imagine.

Let us not forget the very modest program IEFBR14 - arguably the shortest
program ever written for use in a production environment. It ran on IBM's
System/360. (I rans it many times myself.) Its sole function was to
exit - nothing else. It was a whopping one machine instruction long - 2
bytes. It was even Open Source (BR14 is the assembly language version of
the instruction, which is the standard way programs exited). It was the
simplest possible program that one could write. If ever there was a
program that was going to be bug-free this was it!

It had a bug.

When a program exits on OS/360, it is expected to have set some bits to
indicate any errors. When a program is called, those bits are in an
unpredictable state. IEFBR14 had to be modified (doubling its length) to
clear the bits first.


It's not worth the price (3, Interesting)

autopr0n (534291) | about 9 years ago | (#13753633)

When I ran Autopr0n, hooo... that code was awful. But there really was never any kind of economic incentive to fix it, I could just keep restarting my JVM (the thing was coded in java).

Or, look at That site goes down like a $2 hooker, yet it's so successful that the maintainer was able to quit his day job and support himself based on the site. People don't care.

Even when you get to a desktop OS back in the '90s, quality just wasn't that important. Would you rather pay $10,000 for an OS, or $90 and loose work once in a while.

If the cost of the lost work due to software errors is less then the cost of writing the code so that it works perfectly, then it's not worth doing. Sure, for some programmers there's not a tradeoff, but those programmers probably cost a lot more to pay then 90% of the coders out there (who are idiots, IMO, just look at the existence and popularity of Visual Basic).

When the cost of the error increases, you'll find much more stable software (like on medical equipment, airplanes, and so on).

The secretaries spreadsheet just ain't mission critical.

Of course, now that all computers are connected together, they need to be at least secure and not targets for worms and trogens, etc. I predict that we move towards web services, the software quality will get worse and worse, but people will just pay a sysadmin to sit there and reboot the machine whenever it goes down, so people won't notice everything...

Good License for Liability? (1)

xfmr_expert (853170) | about 9 years ago | (#13753641)

This is an issue that I have tried to find a decent answer to. I have some engineering software that I wrote (or will write) and want to release as open source. There's no real money in it, and if I had to support paying customers, fagghetaboutit. I've been around it long enough to know that a) you can't reasonably develop bug free software of anything more than moderate complexity and b) there's still the chance that someone does something stupid (garbage in, garbage out). With current product liability laws, I would be on the hook if something went wrong. Now, I'm not talking about software where a bug causes someone to lose an hours work, but software where a bug could possibly result in the loss of multi-million dollar equipment. Even though I'm giving it away, I could be sued into oblivion if some schmuck uses it and screws up. My big question is this: Is there an open-source license that effectively limits product liability? They all more or less have clauses, but I'm not all that sure they hold water. Anyone know anything about this?

The guy is smoking crack (0)

Anonymous Coward | about 9 years ago | (#13753659)

"The companies writing the large systems usually have contracts which mean they are liable for damages, and this increases both the cost and the reliability of the resulting programs."

Usually??? Liable for damages? I've done a lot of consulting working on contracts and it's a standard procedure to disclaim or SEVERELY limit all liabilities. Otherwise, you'll be out of business pretty soon: e.g. deliver $1M of software and have a couple of trades go wrong with damages of $50M due to some rarely used and poorly tested branch of the algorithm.

Seriously, can someone point to even one example where a software development company (with exception, perhaps, of medical/life support and nuclear industries) would accept liability for damages?

Zero defect is attainable... (1)

rayh911 (700608) | about 9 years ago | (#13753664)

It has been 5 years since my last venture into commercial software. Over the course of 3 years we sold our software internationally and recorded 3 bugs that actually made it into public code. Yes, it took a great deal of effort, and yes, it required even more discipline.

Our marketer continually pressed to release feature code before it was completely tested. Our QA enforced zero defect and full regression testing on all releases. Where it paid off was in user support, we charged a resonable maintenance fee for suppport that we never had to provide because the software was fully documented and tested. Our support staff was a guy with a pager, who answered calls 24/7 for software that was sold on 5 continents around the world.

Our software was squashed by our marketer in the end because we would not relinquish control of our source code. So our marketer killed our software business. The problem with software is marketing and the lack of commitment to quality.

Because of the nature of our software, we had 5 major releases including Beta over the 3 years, not to mention interim feature updates. Again, only 3 public user impacting bugs. Our focus on quality minimized our need for support.

As I said to begin, zero defect quality software is attainable, but it requires discipline and the strength of will to resist the marketer. I hope that I will again get the opportunity to prove it.

Re:Zero defect is attainable... (0)

Anonymous Coward | about 9 years ago | (#13753735)

It wasn't attainable for you. You just stated it had 3 bugs in it...

Word Watch: "Unsustainable" (2, Insightful)

The Famous Brett Wat (12688) | about 9 years ago | (#13753665)

unsustainable - (adj.) 1. Following a pattern which can not continue indefinitely due to the inherent limitations of the system. "Present growth is unsustainable in the long term." 2. A term expressing distaste, annoyance, and a personal desire to change things. "The current situation is unsustainable."

Some potential bugs I found. (2, Funny)

Anonymous Coward | about 9 years ago | (#13753671)

There has been a lot of discussion about my call for software liability in a column entitled Whose fault is it anyway?, and it shows that this is an issue which needs some serious attention.

"it" is an unclear variable reference. Does the pronoun "it" refer to the call for software liabilty or the column itself? Also, the title of the column should be italicized, underlined, or capitalized for clarity. Finally, the phrase "a lot" is depreciated.

There is also a big difference between consumer software like word processors and web browsers, and the massive information systems used internally in large companies.

Syntax error. No comma is needed after "browsers".

The companies writing the large systems usually have contracts which mean they are liable for damages, and this increases both the cost and the reliability of the resulting programs.

Syntax error: a comma should proceed a "which" as discussed in rule 11 [] .

Many readers commented on the difference between free/open source software and commercial software when it comes to guarantees, and criticised my use of the licence for the Firefox browser as an example.

Syntax error: no comma is needed after guarantees.

something that is paid for

Better: "something for which one pays"

But liability for consequential damage is different from guarantees of proper working.

Awk. Please unobfuscate this sentence.

Cars are a good example here. Motor vehicles have to be safe, and there are rules and regulations governing their development and production which, by and large, keep the roads safe from exploding cars. It does not stop accidents caused by driver error or poor maintenance, but it does make us safer.

Again, confusing pronoun reference. The "it" in the second sentence seems to refer to "rules and regulations". If this was the intent, please correct to "they" as this could cause unexpected results.

And if a group of people build their own cars then they have to follow those same rules in order to be allowed to use public roads, even if they gave their cars away.

The second variable "they" above refers to "group" not "people", which is singular. This sentence could be further optimized. Suggestion: "If a group built their own cars, it would still have to follow those same rules to use public roads, even if it gave the cars away."

It should be the same for software

Uninitialized variable. What is "it"? Please specify.

It is possible to make error-free code, or at least to get a lot closer to it than we do at the moment, but it takes time and effort. Doing it...

Overuse of "it". Please be more explicit in your casting.

Bill, please check your fixes as soon as possible before someone gets the idea to sue. Thanks. /sarcasm

Who is this stupid f***er? (0, Troll)

wcrowe (94389) | about 9 years ago | (#13753710)

Has he even ever written a program in his life? Idiot.

What he fails to see (1)

CaroKann (795685) | about 9 years ago | (#13753718)

I think he fails to see that, for most companies, new software products are viewed more like a new flavor of toothpaste than a new bridge. The competition is too fierce, the schedules too tight, to allow for the due diligence needed to properly develop stable software.

Of course, I am being a little facetious, but the pressure to reach the market is simply too great to allow for stable software development.

Auditing and openness (2, Insightful)

cicho (45472) | about 9 years ago | (#13753731)

Okay, so we've had the predictable reponses about how building software is different from building bridges, and then others point to the respective difference in cost. All true. But if bridges and buildings are so much more reliable than software, it's not only because they cost more. It's also because when they are designed and built, all procedures must conform to known standards (and not a few regulations). The specs are open and auditable, and architects actually have their work inspected all the way.

Should every word processor be built in this way, with open specifications, norms and audits? I don't know. Now how about vote-tallying software?

Good software costs (5, Interesting)

Angst Badger (8636) | about 9 years ago | (#13753752)

First off, I should issue a disclaimer that I'm an oldbie. I started programming in assembly language on punch cards, but no, this isn't going to be a rant about youngsters and their newfangled languages. (At least it better not be; my current job has me living, breathing, and eating PHP.)

The problem with bad software today -- just like it was thirty years ago -- is bad engineering. It's not because of the methodology du jour (or its absence), licensing, choice of language, or toolsets. You can write brilliant, bug-free, efficient software in COBOL using the basic procedural structured programming paradigm. You can write awful, buggy, resource-hungry software in object-oriented Java using XP. None of that shit matters.

Good engineering requires, among other things, a detailed understanding of the problem, thorough planning, the sheer experience required to distinguish between the clever and overcomplicated on one hand, and the lucid and elegant on the other, excellent communication between developers, foresight (also borne of experience), and rigorous debugging. All of these things, including the many other prerequisites not mentioned, require lots of time and effort. Too much time and effort, in fact, for most commercial software outfits to invest and still turn a profit.

That's the rub, really. All the methodology and language fads aside, the basic principles of good software engineering were worked out decades ago, and sometimes further -- good generic engineering practices in the abstract were worked out long before we harnessed electricity. It all comes down to this: the more time, effort, and care you put into a product, all other things being equal, the better the product will be. It's easy (and well-deserved) to mock Microsoft for the shoddiness of their major products, but that very shoddiness is why you can buy MS Word for less than ten grand. If MS built word processors the way engineers built the Golden Gate Bridge, the prices would be comparable.

The market does not reward that kind of quality. In the first place, no one is willing to pay thousands of dollars for a supremely excellent product when one that is good enough can be had for a couple hundred. Most folks couldn't afford that kind of software engineering even if they wanted it. In the second place, once you have the perfect all-in-one software package, why would you ever buy another one? Microsoft is in this position already with its good-enough products. No one needs an upgrade, so remaining profitable requires MS to churn out new versions of its increasingly resource-intensive operating system so that you at least have to buy new copies as you replace your older machines.

FOSS is at least theoretically invulnerable to these pressures. In theory, there will eventually be all-singing all-dancing FOSS packages covering all of the major software categories, and the age of commercial mass-market software will be at an end. I've been waiting for this day to come since well before the first release of Linux. I'm surprised that it hasn't come yet. I'm surprised that the majority of FOSS software is still as buggy, poorly designed, and -- almost without exception -- undocumented as its commercial equivalents.

I suppose I shouldn't be surprised. Excellence in software engineering is like excellence in any other field: it's really fucking hard. It's even harder when you have a day job; time constraints aside, after 8-12 hours coding at work, the last thing many developers want to look at when they get home is compiler output. Many of the remainder are either amateurs or students -- not to diss either category, but often the necessary experience is lacking, and the lone hacker often lacks the knowledge or the inclination to produce code that's easy for other developers to work with. I remain confident that we'll get there, though. (I am less confident that I will still care by then, but it will still be a boon to those who live to see that day.) I am equally certain, for the reasons mentioned above, that commercial software will probably never get there.

For FOSS to get there, though, more FOSS developers -- and that includes the amateurs and students -- need to become better educated about software engineering and better disciplined in its practice. We may need new design methodologies that are unique to FOSS because FOSS has unique conditions: many developers, who may or may not ever so much as exchange an email, spread out over years on the same projects. The level of modularity and documentation required far exceeds what is needed even in a large corporate shop like Microsoft's cube farms. Unfortunately, much of the FOSS world seems to be enamored by the design methodologies of the corporate world. Those methodologies, whatever their merits, cease to be as effective once they are removed from the context in which they were developed. I hope that this will change as time goes by.

why not get third party insurance? (1)

belmolis (702863) | about 9 years ago | (#13753773)

I don't think that we can simply say that the market has decided against software vendors accepting liability. Part of the problem is that so much software comes from Microsoft, which has refused to assume liability for its software. A company that tried to distinguish itself by selling a product that competed with Microsoft at a higher price in return for better quality assurance and a real warranty would probably not survive, not because people didn't like less buggy software with a warranty bug because of Microsoft's near monopology power.

It seems to me that a better approach would be for insurance companies to sell third-party insurance. They could test the software themselves, to whatever degree of rigor they considered appropriate, for whatever kinds of bugs they and their customers considered important.

This would have several advantages. First, it would not favor rich software vendors over poor ones, commercial products over free software. The insurers would evaluate the software and would set their premiums in accordance with their evaluation. The fact that the producer lacked the ability to stand behind a warranty would be irrelvant. If the software was of high quality, the insurance company would decide that it was not taking on a large risk by insuring it.

Another advantage is that software users could negotiate appropriate amounts of insurance at appropriate rates with the insurance company. One problem with asking the software producer to stand behind it is that users may have a vast range of uses and bugs may have vastly different consequences for different users. If a program crashing just means you have to go to Kinkos to make a poster or a greeting card, the damage is minor. If a security flaw reveals your company's strategy to a competitor it may cost you millions of dollars. Customizing the warranty that the producer gives to the customer is impossible outside of very specialized niches, but this is the sort of thing that insurance companies do all the time.

Software sucks because... (4, Insightful)

Jaime2 (824950) | about 9 years ago | (#13753782)

people demand that it sucks.

Seriously. For nearly every case, if there are two available pieces of software (OSS or not), most people will choose the one that is more feature rich. Sure, those in a mission critical situation or the poor people that get to install and support the software long-term will demand quality and maintainability. But, those people are far outnumbered by the masses that use software casually.

So, given a limited set of resources, quality will always be just barely up to what people will tolerate. Yes, even in open source software. Example: Mozilla Thunderbird -- They have a feature schedule out right now. About half of the planned features are in the current build. Do you think they'll wait until the code is 99.99999% error free in all situations before comitting time to add features? They have no deadlines, no financial burdens, no one telling them to ship the software. Yet, they will ship it. If they don't, their user base will entirely desert them and switch to a horrible, buggy, alternative (probably Outlook Express). This is simply because people demand cool crap. That's why they buy half the crap they buy, that's why the US has a $250 billion trade deficit with China. We collectively love crap.

Make liability limit = price of software (3, Interesting)

quentin_quayle (868719) | about 9 years ago | (#13753812)

Sure, let's have liability. The software must perform substantially as advertised - counting all advertisements, press releases, interviews given by publisher's officers, etc.. But make the amount of damages simply equal the price paid.

This would keep free-as-in-beer software in the clear. It would also have the side benefit of forcing Microsoft to reveal its OEM prices. :D

I like the source code as condition of immunity suggestion above too, but it would be futile without a licence like those the FSF approves, which would actually allow you to fix problems without violating copyrights and patents.

Analogy (1)

Bogtha (906264) | about 9 years ago | (#13753818)

Bugs and security holes can be as simple as a typo - e.g. if (uid = 0) { instead of if (uid == 0) {.

Now imagine that the BBC could get sued for every typo that made its way into their news articles. Sounds unappealing? That's essentially the standard this clown is holding software developers to.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?