Vista: fit for purpose... The UK Developer launch of Windows Vista and the 2007 Microsoft Office System was pretty impressive, as such things usually are. A 3D representation of the London Underground system from Lars Lindstedt's Microsoft Technology Centre at Thames Valley, complete with trains moving around in real-time, was particularly impressive ( …
I am most definitely not a lawyer but I think that Vista will be supplied as a service not a good and that the "fitness for purpose" provisions of that Act won't apply.
Now, I'm not at all sure that that would stand up in court but I don't think it has ever beem tested in UK or European law (no doubt someone will tell me if I'm wrong) - and it is quite possible that MS won't want to test it in court anyway.
But I'd hate to take on Microsoft's lawyers if they do, even if I did win in the end...
The IBM capability to ensure the security of the system was not just in the software; it relied on the ability of the hardware to determine who "owned" any particular memory page, and block access to programs that were not entitled. Similarly, programs could only access vital capabilities through operating system calls, which checked your credentials very thoroughly, unless the program was deliberately authorised by you (which you did not do without cast-iron justification).
Does the Wintel architecture offer any equivalent? If so, why aren't M$ using it? Why isn't the US government demanding it, as they did for MVS?
Quoting CDDL or infact GPL where that particular quote was lifted for the CDDL isn't really any mark of the quality or lack thereof of the software. Free (as in freedom) software has always been provided with no warranty or salability or fitness for a specific purpose. This is intended to protect the developers from users with lawyers, and therefore remain in the non-litigious users best interests. eg. Microsoft discover a bug in Linux, then sue the hell out of the foundations that support it because the bug wasn't fixed within the warranty period, therefore killing a competitor out right.
I think you'll find that the other SUN licences for their enterprise software stack actually categorically state that the software is maintained in the highest context of security and is provided with guarantees to that effect. The mean time from bug to fix is a couple of days with SUN, and is too with Linux and other GPL software, I remember a specific Samba bug that was fixed and shipped to distributers in under 4 hours. I doubt microsoft could even achieve such a feat of out right hacking.
The SUN Guarantee states that they will endeavour to fix security bugs within a very tight time frame (even if the software isn't theirs) as long as a licensed user has reported it directly to them. Unfortunately its not easy to find the license on their site, although it differs dramatically from their CDDL open source license. Microsoft make no offers like this to their business users, if I complain to the microsoft two way email address about the horrendous way security is handled in for instance IIS, all I get is a nonsense pre-prepared corporate gumf about how great their software is. If I complain to SUN, someone will call/email me and get me to detail the problems, provide a proof of concept exploit or logs/backtraces of the issue if available, otherwise they will go bug hunting on their own. I believe IBM still use the same behavior and so do Novell/Redhat and many others. Microsoft is the odd one out here.
Some people have taken me to task for being unkind to altruistic Open Source Software (OSS) developers providing free software in their spare time - as I'm apparently expecting them to provide a "fitness for purpose" warranty too.
Well, no, I'm not. And there's a comment in here as to why the CDDL might have that disclaimer (although I'm still not happy with it). However, although my primary target was conventional vendor software - I would include also any OSS used in a commercial business.
I should have made it clear that if you take on OSS for free and don't take on a support contract, you can hardly expect a "fitness for purpose" warranty - sorry.
But, then, you probably shouldn't use software like that in any sort of business critical systems where you'd need to invoke a "fitness for purpose" warranty - unless you accept the whole risk of supporting the software in-house, which avoids the issue.
If you pay for support for industrial strength OSS like JBoss, I still think that you should expect it to be "fit for purpose". Of course, defining what "fit for purpose" means in detail won't be trivial, but I'm sure that software companies could cope....
i work with ibms lotus notes product and i can tell you IBM are just as hopeless any anyone else.
try calling them up to fix an issue and being told i wasnt a blue chip client and they refused to fix the bug, which apparently has been known for 3 years and the last 2 generations of the product!
match that with all the empty promises of new tech that just doesnt perform or performs but only in very specific conditions. - give me M$ over IBM any day!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
