by hnnh44 2682 days ago
It would also seriously stymie innovation. If I risk having to refund an item when I push out improvements, I'm never bothering to push out improvements except bug fixes.

I'm also incentivized to release a new model every month with ANY improvement in order to limit my liability to a smaller window of revenue.

The current system isn't perfect, but it could be much worse.

What's worse than thousands of pieces of throwaway hardware that don't get updates? How about thousands of enterprise systems where the security updates are hidden behind support contracts?

> when I push out improvements

No, if your software has a security issue, it's refundable. Write good software.

> release a new model every month with ANY improvement

Good, but that doesn't remove your liability from your last model.

> No, if your software has a security issue, it's refundable. Write good software.

There are 0 companies that can provide consumer software on the lifecycle consumers have come to expect without any bugs. You write software. Are you willing to claim that you can just "write good software" and never ship anything with a security issue?

Because otherwise you're advocating for consumer tools that use NASA's release cycle. Which like, that's cool and all but I don't want to rely on hardware from 2012 or 2005 running software that was developed from 2010-2014 and has just finished its verification process. You're advocating for a world where we just got the verifiably bug-free Nokia 3310.

And that doesn't even begin to discuss the clusterfuck that would be open-source in this situation. Am I liable for Heartbleed because I use OpenSSL? Are the OpenSSL devs?

Same bullshit argument was made about GDPR and we survived that... there's just too much money to be made by outsourcing your shitty code's security bugs onto the customer.

Those aren't the same though.

GDPR is basically "you are liable if you are actively exploited and data is stolen". You're saying that a company is liable if they ship bugs, which the GDPR absolutely doesn't care about.

> you are actively exploited and data is stolen

Not even close, you are liable for keeping the data you collect as a data processor or controller safe.

And "encrypt data at rest" is most of what you need to do to comply with the GDPR's data security stuff.

Which again, is nothing like "write bug free code or you're liable".