
Security costs money to constantly keep up, requires teams to be allocated 24/7 to test for vulnerabilities, keep track of malware out in the open, etc.

It costs money to make things secure, moreover it's one of the major features which enterprise is actually willing to pay good money for, or else they’ll go for lower tier.

I get how it sucks that not everyone gets great quality security for no or low cost.

But this is a world where most people do not respect software developers' work, where most b2c consumers are happy to pay $10+ per DAY on a cup of coffee but not willing to spend $10 on a software PER MONTH, that they use every day that improves their life and work.

Idk, it takes effort for people to keep apps up to date with OS upgrades, maintain libraries, fix bugs, fix security issues, keep battery usage low, improve performance, support a 110 different screen sizes with different Android and iOS versions, desktop apps, web browser, whatnot.

Yes you need to pay for work, if it was cheap to have great security, some other software would have already started winning all enterprise deals.

It takes money to keep software running, Microsoft would have been happy to get the PR boost from offering great security for free for everyone, they must have figured people won't upgrade to higher offerings if they do that. They already give a lot of great tools away for free.

Someone needs to pay for the work, it's not like the software is that expensive, it's nominal in most cases, especially if you look for good deals.

I'm saying it as someone who hates Microsoft, uses Linux and stays away from any major Microsoft product except GitHub.




You're arguing that security shouldn't be free, while the article is arguing that security shouldn't be a paid add-on to a service for which you already pay a lot of money.


But you're not paying for a security product on the base tier.


An operating system is by definition a security product, because one of the key features of an operating system is access control.


Did you even read the article or at least open it, or are you just mindlessly jumping on the Microsoft hate bandwagon? The security topic on the article is not about Windows here.

And even if it were, absolutely all operating systems have security holes most people and the manufacturer aren't aware of, aka zero days. Even Linux has backdoors the community is shocked to uncover by accident from time to time.

If we expect all software to have zero security vulns, nobody would ever write any software and we should all go back to using typewriters and messenger pigeons.


> where most b2c consumers are happy to pay $10+ per DAY on a cup of coffee but not willing to spend $10 on a software PER MONTH

You can see where the money goes for the first, planting and farming, physically transporting beans across the world, processing them, physically making and handing you the coffee.

Bits in a screen that someone just comfortably typed and then pressed a button to ship is not as valuable. On the other hand, even if you can charge much less for it, you can charge it to everyone in the world for pretty much zero additional cost. So I wouldn't complain with the tradeoff.


I pay ~$200 USD for a Windows 11 Pro license, usable for the life of the machine if it's an OEM license and for as long as I live if it's a retail license. That's basically nothing over a sufficiently long timeframe.

I pay $70 annually for Microsoft 365 (read: Microsoft Office), that's ~19 cents per day. That's practically nothing.

Commercial licenses are more expensive, but businesses will have bigger budgets to match.

I guess what I'm trying to say is: At some point you'll come off better just admitting you're a cheapskate who doesn't want to pay for software.


These cheapskates that paid the price the software was sold for...

At some point they should admit they totally screwed up their pricing structure instead of saying that security is an optional add-on.


I agree, but would add this: I think turning buying an operating system into a push-your-luck video game with serious, real-life, negative consequences is bad. Average consumers (and many contractors) are not equipped to evaluate the risks they are taking on with this stuff, and the marketing puffery is impossible to decipher even for people who do this for a living.


You can be mad at human nature or you can try to understand it. The peoples of the world didn't decide to start an anti software cabal and fake less willingness to pay. So if they do have less willingness to pay, how do you explain it without a useless mental crutch like "they are too cheap"?

Of course there's many costs, datacenters aren't free. The point is what a normal consumer psyche is going through during the purchasing moment.


If you don't want to pay for software, that's fine because that's your money and your prerogative.

But if you are feeling a need to lay out excuses to justify yourself, that is just pathetic to witness. Just say you aren't paying for software rather than claiming programming isn't valuable work.

As for normal consumers, they just pay up and go about their day: A fair price for good software that satisfies their needs and desires. There are more people out there buying Windows and Office than there are people freeloading off of Linux and LibreOffice (and much less people who "pay" for Linux and LibreOffice by contributing back).


"cheapskate", "freeloading" - you're not really hiding your contempt for people that don't want to pay for Microsoft products. There's a myriad of reasons why companies, public institutions like governments and universities pay for Microsoft, and it's not 100% based on merit.

In one example, the Government of Quebec was successfully sued because of how it preferentially used Microsoft products _without allowing alternatives_ in their contract bidding process [0]

Leaning on "free software users are cheapskate freeloaders" and framing it like Linux is lower quality than Windows because of money spent is a reductive view - it depends entirely on what you use your computer for.

0: https://www.cbc.ca/news/science/quebec-government-sued-for-b...


You should read to whom and what I am replying to first:

>Bits in a screen that someone just comfortably typed and then pressed a button to ship is not as valuable.

This is a guy who argues that programming is not valuable work compared to a cup of coffee, as justification for his refusal to pay for software.

That, as far as I'm concerned, is a cheapskate and a pathetic one at that.

Programming is valuable work and some programmers want to be compensated in coin for their work. Not all users will want to compensate in coin or even compensate at all. These are both fine. Devaluing the former to justify the latter is not fine, and is what I am attacking.


I don't argue it. The behavior of consumers shows it. I'm just noticing it and sharing my observation which you're free to disagree with, but I think digging on this rather than calling our customers cheap will only advance our cause. You should learn to separate the person from the argument.


Couldn't have said it better myself.


I'm talking about general attitudes of consumers of software as a software developer that depends on people buying software to pay bills. You kept trying to make this about me personally not paying for software when you have no idea where I spend my money on - rather than address the fact that people do have less willingness to pay for software. Do you think you'll be more or less successful at selling your software if you understood your buyers more and call them cheap less?


I'm not sure from where you are concluding that people are less willing to buy software. Most people buy Windows, Office, Adobe's suite of programs, video games, and much more enough for there to be a burgeoning market.

Of course, I agree a lot of techies and especially the audience here (who aren't normal people for conversations like this) don't like buying software, nor selling them for that matter. Actually, sometimes I get the impression they hate the very concept of money, but I digress.


Pro 11 is still subject to bullshit ads. Prefer 11 Enterprise licenses so that ads can be completely turned off.


Security vulnerabilities are faults in the software product, in no other industry do we accept selling a faulty product, and then being forced to buy a subscription to have those faults fixed.

Would we accept that a car that explodes if someone whistles a certain tune near it as "just a bug"? And also accept paying to patch that bug?


Cars are a poor example. There are some pretty wild safety issues in the car industry.

In the U.S., energy efficiency regulations are weak, so car companies push huge SUVs and light pickups as the "perfect" family vehicles. These things are massive and not crash-compatible with normal-sized cars. If a big SUV hits you, you're in more danger than if it was a regular station wagon. Plus, those off-road capabilities mean they can hop a curb and take out a pedestrian. And the insane height? It's a nightmare for visibility. You can't see kids or pets in front of you. That's led to some awful driveway accidents.

"Fully self-driving" cars aren't really self-driving, you still need to keep an eye on them, but the marketing suggests otherwise. A few self-driving cars occasionally emergency brake on a highway. Big modern touch screens in cars look sleek, tactile controls offer a safer and more intuitive way to adjust settings without taking your eyes off the road. Some cars such as the Fisker Ocean are unnecessarily unreliable, where the gear, brake, etc. system casually stop working while driving, asking you, the driver, to take a mental note of that and to please not shift gears for a while, for example.

And don't get me started on car lights. Why is it that brake lights and turn signals can both be red? Why is it that they can share the same light? It's a mess. Then there's the remote control features with garbage access controls. There's been cases where someone remotely turned off a car's engine while it was driving. Talk about a scary security vulnerability.


"Buy the new Red-Balloon-Special warranty package - when your car explodes and you survive, we'll send you flowers and red balloons straight to your hospital room, and a refurbished car will be waiting for you as you get released from hospital care. But wait, there's more - a free fire extinguisher is included, in one of five funky colors of your choice!"


I'd say that we're duty-bound, not to knowingly release insecure software, or at least, put big red "cigarette warning" labels on the packages.

If the only way we can make cheap software, is to make insecure software, then maybe we shouldn't be selling cheap software.

It's a conundrum. If we don't sell cheap stuff, someone else will, and eat our lunch.

That's one reason that a regulated industry is sometimes the only solution (an unpopular stance - as evidenced by the almost instantaneous reaction to this comment).


I wonder how this would look in a lawsuit. Claiming that a company is liable for security flaws in their software is a lot easier when the company sells solutions to those security flaws as a premium product.


politely disagree -- this framing misses an orthogonal component.. purpose.. a simple example is a desktop publishing app on a desktop computer. Minus complicated fringe cases, the purpose of the software and its setting are not really related to security in the way that communications on a network are related to security.

The furor and obsession with networked communication has obscured simplicity in so many cases.


That’s an excellent point.

Not sure I’d think of it as a “disagreement,” though; just another angle.


Pretty much this. If you don't want to pay Microsoft a subscription for extra security, you are free to build your infra from scratch using a 100% FOSS stack and do your own security over it including hiring dedicated security experts to keep on it 24/7. See how much that will cost you.



