Fri, 01 Apr 2005

So, class next week is on software liability. I can’t be there, but I thought I’d blog my thoughts in a nutshell since I have them anyway :) The basic question of the lecture is ‘should software manufacturers be liable for the quality of their software?’ I used to think the answer was ‘yes’, because obviously we need higher quality software than we currently get, and the threat of financial damage is typically a great motivator. But I think I’ve changed my mind.

First off, as I’m sure many p.g.o readers are all too intimately aware, delivering an entire operating system is really damn hard. Delivering an OS is easier, of course, when you have thousands of paid staff who report to you (great link about the development of Windows Server 2003) instead of dozens, plus thousands of well meaning volunteers who unfortunately aren’t really on your schedule :) But yeah… delivering an OS is hard. At some point during the GNOME 2.0 release, I promised I’d never criticize Microsoft’s quality again. There are just too many moving parts, and too many conflicting goals. We accept that cars break down- they have tens of thousands of parts, and we are all very clear on what exactly they are expected to do. In contrast, operating systems and even many large individual apps have millions of parts (lines of code) and there is no clear consensus on what they should do- which means they end up trying to please everyone, never a great recipe for clarity or success.

Secondly, I think the reality is that this is not going away- you could legislate perfect quality tomorrow, but that would mean no one released an operating system for several years, at least, and it would be an operating system with no new features- heck, probably fewer. Getting better quality software is not a matter of trying harder- every OS vendor in the world is trying as hard as it can, I think, at this point, and realistically programming is less like engineering (producing the bridges and buildings we trust so implicitly) and more like art (producing stuff we argue about even when it is clear enough to understand.) So changing the laws to make people liable isn’t going to change anything, at least for the most egregious offenders. (With their resources, MS could probably spend more money, but this doesn’t actually work– adding more people to a late (or buggy) software project just makes it later, in most cases.)

So, given that the complexity of the problem is such that regulation can’t directly create ‘perfect’ reliability, and you can’t measure corporate intent in such a complex scenario (I doubt any modern OS vendor would fail to meet a negligence standard), you have to fall back on the market. Of course, we’ve been relying on the market in software the whole time we’ve been using software, and while it has given us lots of shiny new features (whether we need them or not) it has failed to give us reliable software. Why?

A couple reasons, mostly related to the software market not really being a true market. The information quality is very poor- even the companies aren’t good at quantitatively measuring software reliability, so the Consumer Reports and Car and Drivers of the software world can’t either. Software licenses that restrict the publication of test results are common, and make the information problem that much worse. Similarly, there is very little competition in the most important software niches, because of the strong network effects dominant providers can leverage. I believe strongly that the primary obstacle here is proprietary data formats. If Linux could guarantee doc import/export, and guarantee activeX/JS/IE-style rendering, there would suddenly be a lot more people moving or thinking of moving to us. But we can’t do that, and the situation is going to get worse before it gets better. And of course that doesn’t touch on various other anti-competitive issues that have been well-documented elsewhere.

So… my basic solution: regulate to fix the market. Guarantee open file formats (with government purchasing dollars, at least, if not with outright legal requirements), so that competitors can march into a market unimpeded by all the work that people have already sunk. Protect good information wherever possible by restricting the rights you can give away in a click-through license, and by otherwise discouraging misleading advertising claims, like MS’s habit of quietly buying positive white-papers from analysts. Fight antitrust violations of all sorts aggressively, and monitor monopolies vigorously. Do all that, and competition will improve software quality, without slowing the pace of development by crushing the art out of software.

As an aside, just spent the past two hours reading gapingvoid, which I’d found and discarded when it was just the ‘art on the back of business cards’ site. It is now a pretty cool ‘marketing as conversation’ cluetrain-worshipper site, apparently responsible for the uber-cool bespoke blog. Tons of interesting links; best offhand one is this one featuring this quote:

[I]t’s essentially impossible to become successful or well off doing a job that is described and measured by someone else.

Also rocking is this image, sort of tied back into the quality part of this post.

Oh, and one last Grokster link, to one of the folks in line right behind me from Princeton, breaking down the arguments Justice-by-justice.