This seems a hardcore case of moral damage worth at least some hundreds thousands dollars in a settlement or even suing some millions dollars out of them, doesn't it? Perhaps you should at least ask a lawyer before just humbly reporting the bug to them and forgetting.
Imagine if this wasn’t a bug, but a way to pull the wool over people’s eyes to walk back legitimate raises and stop the hemorrhaging from poor business choices.
Is there anything you can do in either scenario? It seem like one scenario invites legal scrutiny, whereas the other is just an an unfortunate accident, we’re so sorry about the bug…
If you lose anything because of the bug, find a good lawyer. I'm sure there are a few that would love to go after this CEO's billions. He should pay because he was paid a lot to run Intel right, and didn't.
If this bug would cause you any significant damages whatsoever, you're doing it wrong. Hard disks fail all the time. This bug is quite analogous to a harddisk failing. Backup everything that matters.
Even if you did somehow manage to lose enough money that the damages could bankrupt Valve (or even pay for your lawyer), I doubt you would win. Basically all software these days disclaims all warranties. This wasn't malicious or particularly out of the ordinary for this industry.
For 1k with such a clear culprit, isn't that worth suing, like in small claims with self representation (perhaps sitting with a lawyer for 1h to go over what you plan to submit and say)? Or at least talking to a human, since a "refund" of -7 sounds like another computer bug?
Jesus, that sounds like a nightmare! Hope you get it all sorted out. Probably even more expensive but any potential of suing the developer collectively with the other people? Sounds like they'll have annoyed a lot of people!
What kind of an agreement did you sign with your developers?
IANAL. You might be able to invoke some legal means to limit your losses. The associated-account story wasn’t an act of God. You might argue the developers should have known better. I’d suggest buying an hour of a lawyer’s time to see what can be done.
I totally get that that's how businesses are run now, and I'm sure that the OP would have to lawyer up and be prepared to spend time and $ regardless if he wants to pursue damages.
My argument is that the OP should have at least received a response from the company or have his/her concerns moved to the appropriate dept by the CS team, instead of being patronized by an autoresponder.
No. It's evidence that something was lost, but not a measure of the actual damages you suffered. Whose to say if you lost $100 or $100k? In the absence of the lost material there's most likely no way to demonstrate anything.
In this case some sort of statutory deterrent would probably be a much more effective solution. I honestly doubt that regulation is a good solution here though - bugs like this are so severe from a PR perspective that there's already a huge incentive to avoid them.
Legally obligated? no. It's not your system, it's not your problem in that sense.
Sure you can offer to fix it, but since you don't know squat about the system (save for a small flaw at the surface) and they have teams of developers who do, they won't be interested in paying you to fix it. Offering to explain the bug for a fee won't be blackmail unless you threaten to reveal the bug to others if they don't pay up.
Be a decent chap. Send 'em a nice letter explaining the problem. It's your bank, remember, and they're humans like you; work with your service providers to improve the service. Assume you're not the only one who knows about the problem, that someone who also knows isn't as nice as you, and it's YOUR bank balance that is at risk.
Beyond any other damage they did, they are wasting the life time and energy of the kernel developers currently sorting out this mess. To me, that is on the same level as locking them up in a room against their will. This could be considered a felony.
In any case, they should make up for the economical part of the damage they caused, that is be billed for the hours the kernel developers spend in resolving the matter at hand at a high market rate (and probably above for punitive damages).
So, they apologize. I'm sure the damage inflicted is noticable, will PayPal cover that?
And this is the problem of the modern service industry: they never stand in for damages, even if the damage is inflicted through a wilful decision. As a client, you are at their whim.
Not a question but just a word of advice to be careful.
What you did could to a layperson be construed as intentionally exploiting a bug in their software with the result that you're now intercepting requests from unsuspecting customers of theirs, and getting data via your logs that in some countries falls under privacy laws.
Depending on how big of an embarrassment this turns out to be for them and how well funded their legal department is this might not turn out to be hassle-free for you.
reply