[ARTICLE] M$ to block SP2 for Win XP pirate users

Mark Newton newton at atdot.dotat.org
Wed Jun 9 04:30:16 CST 2004


On 09/06/2004, at 1:23 PM, David Newall wrote:

> On Wed, 2004-06-09 at 11:16, Mark Newton wrote:
>
>> Armchair lawyers like to cast complicated issues in simplistic
>> ways, but that doesn't make their case any more legitimate.
>> There is absolutely no reason why liability can't be split,
>> with end-users bearing some of the burden and Microsoft bearing
>> the rest.
>
> Armchair lawyers also like to cast simple issues in complex ways.  This
> happens to be a simple question with a simple answer: Do Microsoft have
> an obligation to provide free XP upgrades to people who stole the
> original product?  The answer is no, they do not have to provide that
> upgrade for free.

I think we've pretty much established that that isn't the question
at all.

If that was the question we were debating, then this conversation
wouldn't have started in the first place.  The only reason we're
arguing is because the issue is wider in scope than the
oversimplification you've stated here.

>> I could equally suggest that the day MS has an obligation to clean
>> up the Internet pollution they've caused is the same day that
>> Union Carbide has an obligation to clean-up the towns in Minnesota
>> which have been rendered almost unlivable by lead poisoning...
>
> Are you claiming some parallel between the wastes from product
> manufacture and spam?

No, I'm claiming a parallel between the unintended consequences
of a product's deployment and the responsibilities the product's
manufacturer bears for cleaning up the mess.


>  Microsoft didn't create the spam; marketing
> people and bored, pimply-faced youths did.

By providing a platform which is routinely and easily compromised
by spam-cannon viruses and worms, Microsoft's software designs
and (self-confessed) shoddy security history has aided and abetted
the marketing people and bored, pimply-faced youths.

You seem to exist in a weird cuckoo-land where responsibility and
liability only ever rests in one place.  Because, you say, marketing
people and bored, pimply-faced youths have created spam, that must
mean that nobody else bears any responsibility for it at all.

The real world works differently, David.  In a real society
responsibility for shared problems is also shared.

If you shoot someone, you'll bear full responsibility for it.
If you shoot someone because the gun you happen to be holding
is poorly designed and goes off by accident, then the gun
manufacturer will also bear some of the responsibility.  By way
of response to one of your analogies, society *WILL* expect that
gun manufacturer to rectify the poor design, recall the original
guns, and replace them with better ones for free.  That's how the
real world works.

Turning back to the Internet:  Microsoft seems happy for end-users
to suffer from defects in their software.  They also seem happy
for people who aren't end-users to suffer.  They also seem happy
for ISPs to carry the costs (storage, bandwidth, anti-spam and
anti-virus scanning, blah blah blah).  They also seem happy for
Governments to carry the costs (anti-spam laws, prosecutions for
the authoring and release of viruses, etc).

It seems that the only people who shouldn't bear any of the costs,
in their view, are themselves.

Who'd-a-thunk it?

> Do you think Union Carbide
> have a responsibility to clean up after I throw one of their batteries
> on the ground?

No.  But I think they have a responsibility to clean up the town
that's 20km downwind of their manufacturing plant after running the
plant for the last 40 years has rendered the town unlivable.

... or would you say it's the residents' fault for living in a
place which they know is downwind from a Union Carbide factory?

>> Your argument, simply stated, is that MS shouldn't be expected to
>> provide free patches to people who have ripped them off.
>
> Almost correct.  My argument is that MS aren't (not "shouldn't) obliged
> (not "be expected") to provide free patches to people who have ripped
> them off.

Close enough.

>> But the point which has been repeatedly put to you, and which you
>> have repeatedly ignored (to the point of deleting it from material
>> which you have quoted back in continuations of the discussion) is
>> that security patches *AREN'T PUBLISHED SOLELY FOR THE BENEFIT OF
>> THE PERSON WHO IS INSTALLING THEM*.
>
> So what you are saying is that Cisco have an obligation to provide free
> upgrades to IOS.

In case you haven't noticed, David, Cisco **DO** provide free upgrades
to IOS when security bugs are uncovered.

As far as I know, Microsoft is unique in the world of software
vendors by not providing free security updates.

>  Further, you are saying that gun manufacturers, who
> come up with an improved safety mechanism, have an obligation to 
> provide those upgrades for free, too

We've covered that:  In the real world, if the safety update is
to fix a demonstrated problem, you can bet your right testicle that
the gun manufacturer will be obliged to provide the updates for
free.  If they don't do it voluntarily, they'll get forced to do it
by a court.  I don't know what universe you're living in if you think
that isn't going to happen.

If, on the other hand, you're talking about a feature enhancement
or some other kind of optional upgrade, then I'd agree that nobody
should be compelled to provide it for nix.

... but we're not talking about that, are we?

>> They are also installed for the benefit of the global Internet
>> infrastructure -- i.e.,  third parties like you and me.
>
> I think you are confusing, "they are installed for the benefit of the
> global internet", with, "the global internet also benefits when they 
> are
> installed."  I bet, if you asked one hundred random XP users, that
> almost none of them would say the reason they install patches is to 
> keep
> the internet safe.  I bet they almost all would say it's to keep their
> own computer safe.

I bet if you asked one hundred random XP users, ninety of them
wouldn't have installed any of the patches and wouldn't know what
you're talking about.

Many of their computers would be quietly relaying spam and copies
of viruses to all and sundry, whether they're aware of it or not.
Some of them might notice the reduced performance, but almost none
of them would realize that they're one of the raindrops which
is responsible for the spam flood (if you can have a spam flood :-)

Meanwhile they'll keep shelling out $50 per year for anti-virus
software and shrug their shoulders as if to suggest that that's
actually a *necessary* part of being online, oblivious to the fact
that the only reason they're paying that money is because they're
running Windows.

Individually, personally, whether or not SP2 is installed probably
won't make a lot of difference to those people.  They don't care
whether they are infected with worms or not, as long as their
internet link still goes fast, none of their files get deleted,
and their applications keep working.  Spammers are clever enough
to make sure those conditions are met when they turn wormbots into
open relays.

But I care, and you care, and everyone else on this list who is
routinely bombarded by spam and viruses cares.  It's a global
problem.

Solving the problem is a bit like inoculating a society against
a disease:  you can only successfully eradicate the disease if the
inoculation is widespread.  Injecting one or two people won't make
an impact, injecting everyone is obviously impractical, but
there's somewhere in between where the disease can be completely,
totally, 100% eradicated from the biosphere forever with somewhat
less than 100% of the population immunized (e.g., Smallpox).

If large numbers of the population are prohibited from receiving
the inoculation, society as a whole suffers, because the disease
is never eradicated.

What you're advocating is withholding inoculations from a
substantial percentage of the Windows-using population, in order
to protect MS's profit motive.

Just so we're clear here:

Providing SP2 to everyone doesn't cost MS anything more (they've
already produced SP2, the cost of releasing it to everyone vs
the cost of releasing it to a select few is the same).

An argument could be mounted to say that the increased network
bandwidth utilization required to distribute it to everyone *WILL*
cost MS more.  To the extent that that's true, my argument is that
they should do it anyway, as the means of shouldering their share
of the responsibility for creating the problems SP2 is intended to
solve.

   - mark

--------------------------------------------------------------------
I tried an internal modem,                    newton at atdot.dotat.org
      but it hurt when I walked.                          Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----



More information about the linuxsa mailing list