this post was submitted on 07 Aug 2023
904 points (99.9% liked)
Technology
37757 readers
724 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As a software developer I have sympathy for this business model, but of course pricing has to be reasonable. A piece of software is a continuing social responsibility for the developer to fix new security issues, incompatibilities and bugs. If you only get paid a one-off sum the maintenance can drain you. A continued time-based fee is more in tune with how the actual development cost pans out.
A continual stream of revenue is great, understandably. But I would much prefer it if I could instead purchase v.1.34 of a software and get updates until major changes come. At which point I'd still have my v.1.3x with all its functions but if I wanted the new stuff (and the security patches with it) I'd need to pay for v.1.4x. Corporations (that probably much more require the security updates than hobbyists) wouldn't see much of a change and hobbyists could have a good alternative to subscriptions.
That's not how developers see it. We have a responsibility to push security updates to you even if you stay on 1.3x, because if your machine is compromised it can be used to further attack others. It's similar to how people have a social responsibility to vaccinate themselves to protect others, but in the software world that responsibility falls on the software producers rather than you personally.
A big challenge here is that the cost and time required to develop and test a security fix is proportional to the number of software versions in circulation. So it's better for everyone if we can keep everybody on the latest version.
Why should that fall on the developer if you choose not to upgrade?
That's a question of political ideology. I can just say that right now that's what the general expectation is. Or at least, corporations get enough flak if they don't fix the issues that they feel compelled to take the responsibility and avoid badwill. But one could certainly imagine a law where individual users are liable for the malware running on their PC:s instead.
Personally I think it's good that developers take the responsibility, because there are too many users that will not upgrade and that causes a societal problem. For example, it becomes hard for banks to protect accounts when people log in using PCs that have tons of software with security holes.