Slashdot Mirror
Calling Software Reliability Into Question
phillymjs writes "CNN is running a story on software reliability, and how the lack of it may cost more and more lives as technology creeps further into everyday products. It appears a debate is finally starting amongst everyday (read: non-geek) people about vendor liability for buggy software. Some opponents of the liability push are unsurprising: Says the story, 'Microsoft contends that setting [reliability] standards could stifle innovation, and the cost of litigation and damages could mean more expensive software.' The article also says, however, that consumers' favortism of flashy products over reliable ones is partly to blame for the current state of software."
I like what Microsoft has been doing qith security these days, quite frankly. The new security features in Windows Server 2003 look innovative and very modern, and quite easy to use.
Linux may be secure when configured correctly, but Windows Server 2003 looks to be the most secure OS out of the box at the moment.
Abortion is advocated only by persons who have themselves been born.
--Ronald Reagan
...could reliability standards stifle innovation? How hard is it to design something that works well and is extremely robust, yet, be creative and innovative in its design?
Next they will be saying that poor security= innovation!
Wait its true?!!!!!!!!! AUGHHHH THE NIGHTMARE BEGINS!!!
Don't Tread on OpenSource
So...basically people are just finding out now that not all software is as perfect as it is intended to be?
Great..I'm gonna have to explain this one to my parents...
The anti-salmon
It is, but monday was just not long enough ::)
You know it makes sense, a little reminder from jointm1k.
The trouble is, the more accustomed users become to bugs, the harder it is to get them reported and fixed. If my computer crashes, I just reset it and get back to work. I don't bother to investigate what caused the bug, to try to reproduce it, to contact the vendor (hah!) and try to work out the problem. Crashes occur much too frequently for that.
OTOH, if computers were reliable enough to crash only once every few years, then users might report every crash that happens, the vendor can diagnose it, and fix the bug or family-of-bugs so that it never happens again. This is roughly what happens when a mainframe crashes, I believe - it's a big event.
Imagine if when your microwave crashed, you could call some hotline, they would come and replace the microwave and take away the old one for analysis. Instead, even on complex software systems the standard first resort for the help line is 'reboot and see if it goes away'.
-- Ed Avis ed@membled.com
I agree. Users want cutting edge, not reliability.
Hence Debian is less popular than you might expect.
What's wrong with flashy stuff for somethings? I like flashy (i.e. sometimes buggy) software for my laptop. I don't mind if my beta-version browser crashes once in a while because I get the new features.
My servers, OTOH, are another story. I wouldn't use anything but Debian (for linux, that is) because it is incredibly stable. My two Debian boxes on woody stable run 2+ yr old software. Guess what? They don't crash. I didn't upgrade from potato right away, but waited a little while.
Consumers are generally willing to accept more buggy software because they don't run servers. So what if Word crashes once in a while? Most consumers are so conditioned to it that they don't think another thing of it.
I realize that mail servers, electricity systems, and space probes need stable software, but most consumers don't administer these things. They use browsers, email, and cell phones that don't cause (much) physical harm when they crash.
Remember, one thing M$ does well is pay lawyers.
Consumerism and the pursuit of the most pretty product has been a thorn in the side of every industry for years. Remember, people spend years of their lives dedicated to mastering to the science of marketing, to make the average (stupid) consumer buy what he doesn't need. That is the fuel for capitalist economy. When people are too scared to waste money on things they don't need due to flashy lights and pretty pictures, recession enters here. "God Bless America."
Of course, more deaths are caused by human error than by bad software, and modern society would be unthinkable without Web servers, word processors and autopilot.
(this confuses me. isn't bad software a *kind* of human error?)
seems like wide beta testing and open source code provide a better solution than enforcement of reliability standards and liability for bugs.
IMO if a company is unwilling to supply you with the source code (under whatever license) to let you see and fix problems that exist they should have no possible exemption from litigation, no matter what POS EULA they persuade you to sign.
They are asking you to place your trust in them that their code is good enough to bet your business on. If their software is not all it's cracked up to be and you had no chance to check their claims (but instead had to take their word for it) then they clearly are responsible for breaking their word.
Unless they told you that it was a buggy product that you couldn't rely on in the first place... now that would make for amusing adverts.
(Can you imagine Windows boxes with cigarette-health-warning style labels on them saying "The Computer-General warns that this product may be bad for your business.")
Beep beep.
The company with the most to gain from this (with its unique cash reserve - Microsoft) is the company most in opposition...
Yes, I said it. I'll say it again. Microsoft could gain *alot* from this movement.
With their resources, they are the ones that could easily afford a true source-code audit the likes of which the BSDs are only beginning to approach.
They could build an operating system that fully, completely, and truly matches the concept of "secure by default" and they have the resources, manpower, and ability to do so.
But, instead, they oppose it. Building a secure system is against corporate culture, so they won't do it.
Thanks xBSD!
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Isn't the trend towards "flashy products" rather than reliable ones the same reason why current marketing pushes sex rather than product qualities (Pepsi, A&F, etc), movies flaunt big-name actors and actresses, and people won't go see a movie unless it has a high PG-13 or R rating (PG? It's got to be boring). This is the same reason why Legos now has 3-piece dumptrucks and 8-piece Hogwarts castles. Why is this? Dumbed-down education? Why is it that people have just started to gobble up whatever the media tells them rather than understanding what they need for themselves. *sigh* What's society coming to?
I hate liberals. If you are a liberal, do not reply.
I've often thought about how many products use simple programs and stuff to run correctly...like traffic light systems...right now they work pretty well and everything goes together properly. However, the day that cities decide to have a central server run the traffic lights so they can...say, control traffic around accident areas...things will go wrong. The "foolproof" software will cause all sorts of problems.
I don't see this so much as software causing problems as much as the tendency we have to make what used to be simple things really complicated. One example I have in my life is a train system that runs around inside a building by the ceiling at a camp I work at. The system looks really nice..and it could work well. However, having a couple of electrical engineers volunteer their time to make the system made it very different. Now, what could have been a simple on off switch is a whole panel with an LCD display and all sorts of error lights and little IR detectors on the track to make sure the train is in the right place. It is a geek paradise...but the train NEVER works. Despite all the fancy assembly code they have running the whole thing, it doesn't work. An on/off switch would have worked..I'm certain of it!
As we complicate more and more appliances with complex software, there are going to be more problems. Heck..what's gonna happen next time your toaster oven timer crashes...you could burn down a house!
The caveman had something going for them...
The anti-salmon
Microsoft, accusing something of stifling innovation?!? Oh my god, my sides... they're splitting...
FUCK IT G!
Jesusgeeks!
Poor programming practice to save a few bits here and there led to millions of dollars in cost for software fixes and updates. A classic case of bad programming leading to even worse events down the line.
take off every sig for great justice
And Bill Gates turns to the CEO of GM Motors and says, 'Why is your technology moving so slowly? If you advanced at the same rate as we do, we would have flying cars by now!' Immediatly the CEO of GM turnes to Billy and says, 'Because the government doesn't allow us to build cars that crash 4 times a day.'
I'd say that most non-geek users are completely ignorant of software reliability. A computer just has errors. They have grown to accept that. To them that's why they have a warranty and that's why tech support exists. The typical windows 9x users believes that a restart is the natural second step to every click or change they make. I knew a girl that thought an illegal operation meant she could go to jail (for what she did not know.) So the first step in making software companies more reliable and more accountable is educating the common users. If people know what they are getting is bad their excuse wont be that Dell sold them a shitty computer, it will be that Software Maker X sold them buggy crappy software. Until then companies like Microsoft will run-amuck.
-SpamTroll sez you cannot hide from spambots NO MORE!1!
I'd really like to see an ice cold mug of piss. Like real frosty piss. I would like that. Thank you.
Just noting that the regulations in UCITA give you the worst parts of liability and disclaiming against it... The bill states that software companies must warranty their software's performance -- but says that they can disclaim that warranty in their license agreement.
So what does that mean? It means that companies like Microsoft can ask their lawyers for the appropriate legalese to have no liability against their software fuck-ups, but some hobbyist who coded up something and stuck it on their web site may be sued because their software malfunctioned.
Now THAT is stifling innovation.
I think regulation would be a BAD THING. Especially for Free Software (since almost always there is no warranty). On the other hand, if the government wants to get involved, it should sponser fair software testing and encourage distribution of information related to software reliability.
In many (most?) cases Free Software will be more reliable. Let the market have the facts, and if people want dangerous, flashy software, give them what they want.
In the mean while, I'll stick to Debian.
jabber: johnynek@jabber.org
Bad code can be more than costly. Sometimes it's lethal. --The $165 million Mars Polar Lander probe was destroyed in its final descent to the planet in 1999, probably because its software shut the engines off 100 feet above the surface.
I didn't know the Mars Polar Lander was a manned mission.
Had it been a manned mission - there would have been a greater demand for reliability and the metric vs. imperial measurement problem would have likely been caught. You get what you pay for.
Moreover, how innovative has MS (or anyone else) been about reliability? Adding new features like embedding full-length motion pictures into Word documents (apologies to Neal Stephenson) is one kind of 'innovation,' but it comes at the cost of gains in stability. One could argue, and people have, that most commercial software is derivative anyhow, and its mass adoption has stifled opportunities to create more stable products.
And finally, do we really need that many new twists on things? I'm not saying stop research or trying new things, but mainframes running COBOL code have been hosting most of the world's financial and business information for decades, and they are legendary for their stability, with low incidence of data corruption and uptimes measured in years to decades.
"Hardly used" will not fetch you a better price for your brain.
Not to worry, the same article will be posted on Slashdot again tomorrow, possibly sooner.
-SpamTroll r0x0rz j00!
10 steps for builidng a successful software product:
1) Fire half (perhaps all) of your programming staff. Most of them don't know know the difference between a heap and a stack, don't have a clue beyond the Java language, and if faced with the prospect of learning x86 assembly language, they'd faint.
2) Hire people that *do* know the difference between a heap and a stack, perhaps have written in some assembly somewhere (even if just in college), and have figured out how to use a few more languages besides Java.
3) When doing #2, ignore college degrees. Whether or not someone has one doesn't indicate whether or not they're a good programmer, at least until our the majority of our school system can actually teach the *relevant* skills.
4) Plan. Plan. Plan. Document. Plan. Flowchart. Plan. Plan. Discuss. Plan. Discuss. Plan. Document. Plan.
5) Code.
6) Discuss. Test. Fix. Discuss. Test. Fix.
7) Refactor
8) Repeat 6-7 until all the software has been reduced to the simplest, most error-free possible codebase for its functionality.
9) QA. (Yup, this happens *after* the testing in (6)!)
10) Ship.
-- sigs cause cancer.
"It always takes us by surprise when the rocket blows up or the ATM goes down," Guttman says.
That was Microsoft all this time? Wow. I guess I shouldn't feel so bad when my workstation acts funny. Just one reboot and I'm back to work. But if my workstation blows up, I'll know who to blame.
A programmer is a machine for converting coffee into code.
Debian!
Or, if you speed and on the edge AND reliability...
Gentoo!
So Frontline has a great 52 min show on this exact thing - viewable on line! (Personally, I copy out the links in the html and watch it in RealPlayer or Quicktime, but whatever suits ya..) It's called Cyberwar. Interviews with white house/govt types along with a cracker and an M$ guy. It's got more of a 'war' slant, but nonetheless, pretty relevant. Check it out here
Ah, gotta love Frontline..
The story also specifically proposes holding vendors legally liable, and in some respects I half agree with Microsoft on this one. At the very least, any legislation would have to be very well designed.
If I write software freelance (as many people here do), I want to be able to give it to people and tell them to use it at their own risk, because with a complicated product I can't be bothered to go through all the rigours of testing every conceivable thing that could go wrong.
Unlike something like bridge building, software just hasn't reached the stage where anyone actually knows how to do it safely. Trying to force people to do it safely just isn't going to work in any feasible way.
If there's ever going to be legislation in place, I think it needs to begin by focusing on the methods that software vendors use to impose licenses on their customers. In the end, it's the shrink-wrap end-user licence agreements which customers have no say in that tell people they have no rights to expect anything from the software -- including what it's supposed to do, and even though they might have paid thousands of dollars for it.
Normally everyone has different requirements from a piece of software, and everyone has parts of it that they consider more important and mission-critical than others. Customers should be able to negotiate what's important to them with software vendors.
Exactly what the rights of an end consumer are regardless of the licence, and how much can be claimed under various circumstances, needs to be properly established. Just as importantly, businesses need to be stopped from putting silly and mis-leading agreements on their products.
Everyday is "Bash Microsoft" day at Slashdot. But subtlely is not a skill ever really displayed here. At least, not regarding bashing MS.
Manipulate the moderator system! Mod someone as "overrated" today.
latedecember.com Blog for Software Testing, Bugs, Quality, Security and Stability.
"The idea that we depend on something that's inherently untrustworthy is very frightening," he says.
This is such crap. Software is not inherrently untrustworthy. The fatal incidents cited all appear more due to human error rather than software bugs, as has happened since man started building machines.
If software was so inherrently buggy no one would get on a plane or dare trust a traffic control signal.
As for making manufacturers liable, you can but I would expect a negatibe response rather than an improvement. I am in favour of anything that improves software quality but I think what is most overlooked when people talk about 'buggy' software is logic errors, and misinterpretation/misexplanation of user requirements. If the developers/manufactures are to be held liable should we not then turn around and litigate against the subject experts who helped build the use case's?. What about the users who misuse/abuse their software causing unexpected results or loss?
If developers/manufactures do become liable then the insurance and testing costs will probably drive the price of software beyond the reach of the individual.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
I think a big problem is determining the question of who is liable: the person who wrote the software or the person who deployed it? I think software vendors can often successfully argue in court that the user "was trying to do something with it that it wasn't designed to do".
So long, and thanks for all the Phish
This is media hype. Critical apps have ALWAYS had to be reliable. If reliability becomes what consumers what then it will creep into non-critical apps. Unfortunately (someone already said this), the trend is toward "flashy products" not reliable ones. In the end the free market will make all products *reliable enough*. Software that makes my refrigerator explode? No. Software that makes my refrigerator more snazzy but spoils the milk every week. Still, No. Software that makes my refrigerator link to my PDA with a shopping list so I know what I'm out of, but spoils the milk one every two years? Eh, ok.
sig
I guess I've had a different experience with reliability than most of the posters here have had.
Given a piece of software that has both Windows and Linux versions, the Windows version is almost always more reliable/less buggy.
The Linux version usually seems to have been done as an afterthought, and most of the development work goes into the NT product.
I'd like to choose the Linux version everytime, but for most software, the Linux implementation just isn't there yet.
i remember seeing in the license agreement for windows you can sue them for up to $5. what more could one ask for?
..file for bankruptcy because you're paying people to do all this while not having a product to put out.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
As long as companies like Microsoft are around to pump money into lobbyist firms and election campaigns, we'll never see a software-reliability law that's actually beneficial to consumers.
I'm pretty much willing to settle for some sort of truth-in-software-advertising law... so when William H. Macy's voice tells us that Microsoft's server software is totally secure and reliable, it also has to tell us that Microsoft's EULA says that if this turns out not to be so, tough shit on you for believing it in the first place.
~Philly
Very true. If it werent for flashy junk, I wouldnt have to make a huge project to uninstall the million varieties of Hotbar's spyware.
However, on the server level, it will hardly be a consumer thing. If they install SkyNet, it probably wont be running a commercial OS.
Manipulate the moderator system! Mod someone as "overrated" today.
hardware suffers from this also. i had a conversation with a friend the other day, and we came to the conclusion that most hardware made after ~1998 has been 1/4th as reliable as hardware made before.
fuck innovation and agp 20x, i want my box to last more than 2 years and keep it from crashing every other hour.
Is that going to be Microsoft's response to everything?
It is certainly true that users place reliability very low on their list of priorities when buying products, but that does not necessarily means that they don't value reliability. It merely means that they take reliability for granted.
:-).
For example, the last time I filled in a car survey, I didn't put "does not explode when ignition key turned" anywhere on the form.
The problem is a fundamental one. There are way, way, way too many possible parties to blame. The only logical reaction for MS if such a law was enacted would be to immediately cease running any software that wasn't authorized by MS (with approriate fees, bars for competing programs, etc.), a situation that I imagine they see only in their fondest dreams. Legislation like this would be the perfect excuse. To be honest, even I would barely question their right to secure their system if they are going to be held responsible for its flaws.
As for the idea that open source software should be exempt - I doubt that you'd accept the idea that cars should be exempt from safety standard if they provided you with the blueprints
Another address for the bots!
-SpamTroll
I'm not entirely sure that new laws are the answer here. So far as I am aware, if someone commits a reckless act that they knew or should have known would cause injury or death to someone, isn't that already actionable?
My
Limekiller
Feel the wrath of SPAM!
-SpamTroll
Interesting reading, especially since they actually only studied two industries (and from the info provided it doesn't look like those two were studied in too much detail either). They then took the results from those two and extrapolated them to the entire economy. IMHO that just results in the findings of the 'study' being nothing more than an educated guess. Just how educated it is is anybody's guess.
What amazes me is that some shyster (pronounced: Peter Angelos) hasn't filed a class action lawsuit against Microsoft and everyone else. Seems like the money he could make on that deal would dwarf what he expects to get in the (bogus) cigarette lawsuit.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
So computers crash. And you know what? Cars crash everyday to. Few software bugs end up killing people, but crashing cars is one of the top killers! Why don't they make cars that can't crash? It could be done!
Get some perspective here people. Computers aren't made perfectly reliable because the free market says they don't have to be. And they don't. The cost of making bug-free software is much higher than the value of bug-free software. If you are going to argue the point, please take that energy and go save some lives by fighting for safer cars.
Imagine the liability law on software has been accepted.
Ok. I am an software creator. I just move to a different country, which have no such law,
and will continue to create and publish software. It'll just will bear clause in license: Not suitable for use where prohibited by law (US).
Whenever.
www.marxism.org
I started using computers ca. 1979, when my dad got a TRS-80. I don't remember ever encountering a single software bug on that system, although the hardware certainly had its problems.
But does that mean that quality is getting worse? The OS on that machine was on ROM, and was about 4 kb. A modern OS weighs in at many, many megabytes. It's possible that the number of bugs per line of code has actually been going down.
Another possible metric is how often the user encounters a bug. By this metric, non-OSS consumer-level software has certainly been getting much, much worse. I switched to Linux from MacOS, and my average number of bugs encountered per day went from maybe 5-10 to some number less than one.
Some things have definitely changed since 1979:
Find free books.
Why should liability be software or hardwar based?
If i design a system to move some gears via an operator pressing big electronic buttons as a mechanical engineery, why should an electronic engineer who designs a program to operate the gears be exempt?
We are both designing a system to do a job. As an electronic engineer, I make my system based on some OS, so either I or the OS manufacturer (which, I add, licences an OS, if it is used against the license terms, it is my liability) has the liability.
Don't be lazy allocating responsibility.
Actually, there was this one time when I was in the mountains with my parents that I really had to take a piss. It was really cold, and were were on highway 18 going up to Big Bear. My dad pulled over, and I got out to take a piss. I opened just enough of my pants to allow my tiny peter to stick out so I could piss effectively. Only, I miscalculated - and I pissed inside my pants. How? Well, I wasn't paying much attention I guess, what with all the cars going buy and the cold. So, there I was, soaked, in the cold. I got back in the car. My parents knew I had a problem, probably because it smelled like piss in the car. Good thing it was a rental. That reminds me of the time I was on an air plane. Basically the same thing happened. But this time, 200 people got to enjoy the smell of piss for 5 hours. Man, I'll never forget when the food trays came around. Lots of people were puking too. That was the worst. Puke and piss smell. It smelled like the mental hospital. That reminds me of the time I was at the hospital. That was fun. No one cared when I pissed my pants. They even let me walk around for hours with pissed pants. I guess I was pretty pissed, HAHA. After a while some guy in a white suit came over and told me to take off my clothes. Then he hosed me off, and gave me new clothes to wear - what service. Then I could piss myself all over again. Pissing myself is great - it's so warm and wet. It reminds me of being a baby. Baby's have it best. They can piss and shit their pants. I don't shit my pants because it's hard to get clean. But piss just comes right off with very little effort. It's nice to be clean again after pissing my pants. My bed has these plastic things that are like huge diapers. I don't have to wear a diaper because those things are always there. The hospital people tell me that pissing my pants is the least of my problems. I take like fifteen different pills for all my other problems. That sucks, because one of them makes me really jumpy. They tell me to take it when I have bad toughts. I think I'm having one right now. HAHA...that's a good one. My head hurts.
Indeed. In fact, Java is probably the greatest example of IT innovation in the last decade or so, and that was specifically designed to address security requirements.
Furthermore, the idea that the opening of the source is sufficient for the consumer to audit the code or absolve the developers of liability is laughable. Properly auditing software is very time consuming, complicated, and expensive. It is beyond the means of any individual consumer to audit all their software whether their name is Joe Schmoe or Lockheed Martin. I would argue that the mere opening of sizable application's code is like just letting the consumer open the hood up to their car (the status quo, even if you throw in the service manuals). Would you release automakers of liability just because they give you what they're giving now (opening the hood, manual, etc)? No. The reason is that, like software, most consumers cannot be expected to see the millions of little details that can lead to failure. They can't be expected to know the specifications that a particular joint was engineered to, even if they can see it, measure it, and even evaluate the material. Auditing CAN be done better by trusted 3rd parties--which makes opening the source code unnecessary and even risky in some cases.
I switched to Linux from MacOS, and my average number of bugs encountered per day went from maybe 5-10 to some number less than one.
Of course you encountered fewer bugs. Linux simply decided there was no need to disturb you with any mention of the fact that things were not going as you expected them to.
There might be something to the idea that consumers are to blame.
Disclaimer: IANAL
Most EULAs include denials of Merchantability and denials of Fitness.
This is usually the part of the EULA that is in all caps. (It was required to be in all caps by the state of CA in an effort to make sure people read it, but as an aside, I would argue that putting in caps almost guarantees that no one reads it.)
Now, could you imagine if you were about to drive over a bridge and there was a sign saying "By driving over this bridge, you acknowledge that this bridge is not warranteed for any particular purpose and the owner makes no guarantees whatsoever that it may do or not do anything."
Essentially translated: "This bridge should not be driven over by anyone for any reason whatsoever. If you still want to do that, stop and pay a toll!"
I don't think people would stand for that. Yet people accept denials of merchantability and fitness all the time in software. Those terms in EULAs were put there specifically because software makers back in the day were getting sued under product liability laws. It's rather shocking that people put up with it.
Never confuse feeling with thinking.
what we need is an independent organization to certify that a given program is secure, stable, reliable, etc.
company x would submit program y (with complete source code) to this independent organization to be tested and audited, etc. the cost of this audit would be paid for by company x. sure it would be expensive, but in return for this investment, company x would be able to say "yes, program y meets all existing standards for security, stability, and reliability."
so by making this a totally opt-in process, companies that apply for these software audits would benefit, consumers would benefit from better software, and free/open software developers could be left alone to produce as much buggy software as they want, knowing that they wouldnt be held liable. =)
Gyrate Dot Org - "Where high-tech meets low-life"
..the notion that vendors would be liable for *bugs they know about* has some merit. Think about it. If the large companies-we'll pick on MS because it's such a good example-were forced to fix bugs in a timely manner, then they would need to accept bug reports. They would also have to release bug reports as soon as they knew about them, ie, they couldn't sit on a critical exploit and let people hang out in the wind for months and months. Once a report was made to them, it would then become an official bug they couldn't ignore. They'd have two choices then, switch to open source to find as many bugs as possible in the shortest time, or keep paying claims forever because they ignored bugs. Either way they would release less of better quality, not really a bad idea. If they wanted to hire professional beta testers, so what? More paid jobs. I don't see that as being all that bad. Nope, I don't.
Open source -FOSS- is in a unique position because it's "free". There can't be any damages if you haven't paid for it, or at least that could be part of "the law" written into it.
Normally I'm against new laws, but instituting some sort of consumer protection should be in order, if these companies want to make serious profits all the time. There are very few examples of consumer products out there that have no liability at all attached to them. With just a short time reflection on it, I can't think of any off hand, just *some* software. Eventually it's going to happen, so better to sort it out now, it really should have been sorted out 30 years ago, IMO. I tell you what will cause it too, if it's not done voluntarily in advance and adhered to, the first uber killer mass virus or trojan that makes code red or slammer look like a case of the sniffles, a net-killer. You'll get ten times worse legislation out of washington if the software community waits until that happens.
I'd say it's bound to happen sometime, too. The article cites 50 some odd billion a year already in losses due to either bad or insecure programs, you have something bad happens that does ten times that in one day or something, you WILL see the mother of all knee-jerk reactions from "the software consumers".
Well, OK, say that "something" is needed - What would be reasonable, but still not stifle development? One would be outright sales of software, not just renting -licensing of software. You buy it, you OWN it. You get it at such and such a date, as of that date it worked as advertised, after that date, well, up to the vendor then, anything "new" that needs to be added is up to them, from free unlimited patches and updates to pay-for individual bugfixes and exploits as you go, forever. Could be a yearly lease thing, whatever. For-profit vendors would get on the ball pretty quickly then if they charged too much or it didn't work all the time. they'd be forced into auditing as the most important part of production. Hmm, is this a bad idea really? The software is sold as "works on this and this, won't work with that and that". Yes, that would make software developers tend to work around just a few pieces of hardware and one or two OSs max no doubt. It would also be very expensive. Very expensive. Maybe people would go to the no liability but free stuff then? And I can see various versions in between those two extremes.
Could there be set limits per incident? Perhaps. Max liability, perhaps.
How about classifications of software?
"Entertainments" might be of lower criticality (so less liable in terms of maximum cash) then say the pacemaker software, or auto-controlling software. "Communications" like browsers and email and chat would be in the middle someplace in those terms of criticality. If your business depends on UPS or FEDEX to ship widgets, and they constantly don't get there or they are smashed, those companies would be sued out of existence. but if your widgets are electronic, well? It's just your tough luck as the consumer then, the software and the infrastructure has let you down, but they all get to say
Forcing companies to disclose bugs in this way could only serve to allow users to make more educated purchasing decisions on the basis of software reliability.
Imagine that I wrote some software that I *knew* was buggy, and then sold it to a hospital or into another situation where people's lives were at risk. Imagine then that one of the bugs I knew about before selling the software killed someone. Why shouldn't I be responsible for that?
as a major fan and scholar of the "rambling insane monologue" style of troll post, I salute you. This post should be saved and treasured.
The real right answer is to move that 50% to testing, double project timelines, add diagnostics and plan for quality from the very beginning.
Like most everything else, this falls into a cost-benefit analysis. The Shuttle code, as many of us know, is perhaps the most high-quality code on the planet. Medical software ranks pretty highly as well (with a few exceptions). The script you put together to analyze hits on your corporate webserver was probably not given the same thorough analysis and attention. Why? Because if it fails, all it costs is some embarassment for you, maybe a little financial loss for the company if it based marketing/advertising decisions on your script's incorrect results.
In general, however, software quality is poor. It's usually one of the first things to get thrown out when the schedule slips (as it usually does). I would like to see higher quality standards enforced through an industry-acceptable mechanism.
-Thomas
Auditing CAN be done better by trusted 3rd parties--which makes opening the source code unnecessary and even risky in some cases.
I think you're conflating the idea of visibility and control. There's no reason that a 3rd party can't sign a distribution - this happens already. Of course, if a recipient changes the code then the certificate no longer applies.
Software is generally unreliable because we are not willing to spend the money to make it reliable.
Building a bridge may take millions of dollars and hundreds of people, but an equivelently sized software project has a handful of programmers and a ridiculously short timeframe.
Programming can be extremely complex, much more so than "bridge building". If we treated software development like a real engineering discipline, the costs would be astronomical.
Critical software has always been rigorously tested before shipping. For everything else I'm happy to suffer a few bugs for the sake of having things sooner and keeping costs down.
nt
Whenever a new buffer overrun or whatnot pops up I always hear, "It's the admin's responsibility to patch. No software is secure." Blah blah blah. Imagine if there were a defect in your CPU that allowed remote intruders to take over your system. Would you be so soft on Intel or AMD? Software is complex, but that's no excuse, it's why we pay these supposed experts obscenely large piles of money to write it for us. Lots of other things in our daily lives are complex too and they certainly don't crash several times a day.
Sure, software is a new industry, but at some point it has to grow up and be as robust as architecture or aviation. That will never happen as long as the government continues to coddle them by withholding liability. Why spend money improving your products when you can just obfuscate the file formats again and tighten your vendor lock-in instead? So what if that needless complexity adds still more bugs which cost your customers even more money--hey, they can't sue you!
It's time to put an end to this crap. If you sell something, it has to work, end of story. As for free software... well you don't expect a warranty on anything else that's free, so I don't know why people think a software liability law would be any different. Companies like Red Hat that make money off of free software would bear the liability instead.
Anyone who says vendor liability would stifle innovation is full of themselves. If anything, the embarrassing unreliability of software is what is holding it back. No one dares use software for anything important unless they have to because it's just so untrustworthy. Does the "Keep it simple, stupid" principle really reflect a desire for elegance or a fear that we simply have no inkling of how to determine if what we build actually works or not?
How much of the typical IT guy's job is essentially patching holes in other people's products when they could be writing new software? Even other software developers waste time chasing bugs in the libraries/OS/drivers they depend on. The interdependence of software components is an argument for liability, not against it.
The complaints here are no better than the RIAA's that internet downloading stifles innovation. You want the government to protect your inefficient business model while the public bears the cost.
The article also says, however, that consumers' favortism of flashy products over reliable ones is partly to blame for the current state of software.
Apropos the "newbie" Linux distros, with their flashy installer, flashy autoconfig, flashy tools and flashy packaging. Compare them to droll, dry and boring Debian and Slackware. Which group is more reliable?
A Government Is a Body of People, Usually Notably Ungoverned
There is a somewhat old, but still very good article about this kind of problem on salon. Worth a read I think.
Anyway, the number of deaths that can be attributed to software failure is quite small, and just as importantly no one has a clue as to how many lives have been saved by software reliability. For the most part software is used to replace human activity, and humans are notoriously unreliable. We really need to know what the trade-off looks like because if we delay the use of software with regulation, and are forced to live with even more unreliable humans in the meantime, then more people will wind up dead rather than fewer.
I would also note that there is no need to have a uniform policy on software reliability. Consumers may prefer flashy over reliable, but unless they are performing heart surgery with their mp3 players, who cares?
It is not so much the bug but how the are handled. Some errors would not be so bad if they were handled correctly when the happen. I was talking to customer relations at Dr. Pepper and the person I was talking to put an '*" in the address field of the program she was running. The whole customer relations computer network crashed when she did this, causing lost time and money for the employees maning the phones, extra phone charges for the company and lost time for the customers on the phone. A simple error like this should have been handled by the software company that wrote the program. Even when I was writing basic language programs I took into account bad data input. It may have looked like spaghetti code to some, but it never crashed.
You know as in I got a broken leg?
The interesting point here is that the interpreter approximated a secure platform, meaning that the whole class of buffer overflows and wild pointer problems we got used to later were absent. This level of assurance only reappeared in mainstream IT with the advent of Java.
Really - why do you think vendors place the "this software is not meant for any purpose, express or implied" language in licence agreements? Because if the vendor promises something, and that thing is blatantly not promised, then the customer can still generally get their money back en mass, thanks to resellers demands, and if it goes far enough, the legal system will generally enforce contract law with regard to purchases and false advertising.
Similarly, if a company were to go insane, and actually make a clear promise on people's lives with their software, down to the legal writing, with no one signing any waivers, and someone got killed as a direct result of the very design of the software, then under existing laws, at least someone in that software company would be legally brought up on charges for that death.
To add any extra levels of "blame" on top of that seems to me to be as superfluous as, well, the DMCA.
The moment anyone starts "getting away" with what otherwise would be crimes just because a computer was used (not because of encryption, which can be done without computers also) - then I'll agree that new laws might help... but to add special liability for sofware companies seems more an act of hysteria than anything else.
Ryan Fenton
Of the products from a company constantly crash on you...just don't buy from that vender any more :-)
"more deaths are caused by human error than by bad software"
Aren't bad software due to human errors?
Medical devices controlled by software have stringent FDA approval cycles. Basically you establish the quality of the engineering process, document the heck out of it, and then show clinical effectiveness in random control trials.
What I find fascinating is that legal basis for this is Food and Drug Act -- for the protection of the public as the reason. But the more important side benefit for the approval process is to protect physicians from liability. It's frightfully expensive. And, BTW, physicians *don't have to do this* if they are involved in active oversight when using an experimental device.
Conclusion: Most software products should be viewed as experimental devices which are being used by competent individuals and which therefore all liability is absorbed by the user. Check your EULA and GPL.
Overall this article is regrettably superficial and quite predictable given the history of the quotees, which in the case of Peter Neumann goes back at least 25 years. Not much has changed. Even the examples have the same kind of air about them.
Don't expect progress any time soon. Usually we need some kind of highly visible public disaster (e.g., like the recent nightclub fires) to motivate action.
You want verified design? Cool, you can get it. You can get a design that is gaurenteed to have no bugs and to never crash. This exists today, however you need to be prepared to PAY for it, in many ways.
First, say goodbye to the concept of being able to load your own apps or run it on your own hardware. If the company is going to certify that everything will be bug free, they need to know that a 3rd party isn't going to fuck that up. Your system will be verified to run on a certian hardware and using certian software. You will not change any of that without consulting the company first to do a verification of the proposed changes, or you'll invalidate the gaurentee and service contract. After all, you can have 100% stable code, but if a peice of hardware has a dodgy kernel mode driver it doesn't matter, that can being the system down.
Second, you will have the access restricted. You won't be able to just put this system on teh Internet to be accessed in any way you like, it will be accessed only through verified channels. You cannot potentially have the integrity compramised by clients sending unforseen data to it so all access must be controlled.
Finally, you will pay in terms of price. IF you want a system of this level you are not getting it for under a thousand dollars. Think 6 or 7 figures, plus a yearly matenence contract since you yourself aren't allowed to maintain it.
We have systems of this level in the real world. Like the AT&T/Lucent phone switches that run most of your phone network. We have one at the university and know what? IT never goes down, it didn't even go down when they upgraded it from a 5ESS to a 7R/E. It is 100% reliable. However, it is totally inflexable. We can't mess arnound with new technologies with it, it does phones and it does them only one way. We don't even work on it directly, it came with two technicians as part of the service contract. Oh, and it cost nearly 20 million dollars.
Look, if you want to have a computer market where anyone is free to build hardware and assemble it how they like, and you can freely use whatever software you want, you have to accept that there WILL be problems and you won't get verified design. The big part of a verified design is just that, verification. You check EVERY part of the design and make sure it works properly with the other parts and has no errors. Well the problem is that hardware, software, and user interaction are all a part of that and all have to be restricted. Once a design has been tested and verified, it can't be changed without reverfying.
So, if you really want 100% reliability, and can afford it in terms of monetary cost and teh sacrafices you have to make, then don't whine, go and get it. Talk to IBM, EMC, Dell or the like. They'll design you a system to do what you need that will never crash ever. However you'll need to decide what it needs to do and be happy with that, because you won't be able to change it, and you'll have to pay a real cash premium for it.
I thought it rather ironic that the main ad on this page, when I loaded it, was for the MS .Net developers kit. Somehow I just think that the sentence fragment "reliable Microsoft software" makes no sense on any level.
Just my $.02,
Ron
Impeach Barack Obama for violating the Constitutional requirement to be a "natural born" citizen to hold the office of P
Remember, it was Bill himself who said the biggest competitor for Windows 98 was Windows 95. Sure, everyone would prefer reliable, stable code - but then, what would be the customer's justification for upgrade? Where is the company's future revenue stream to come from?
I thought the article was a little disengenous referring to the customer's 'favoritism' for flashy software... the practice of upgrading to solve old bugs has been beaten into the rank-and-file Windows consumer.
Everyone will start to cheer when you put on your sailin' shoes.
I ve taken FreeBSD of this m/c and put win2k on
Never looked back, crashes less, feels quicker, couldn't understand the source code anyway so who gives a f*ck
oh yeah and it runs all the s/w I need and use
There you go Bill, have another dollar
I disagree about the article's assertion that there is no liability for defects in software.
I deal with embeddeded controls in industrial control equipment all of the time. I just had to change my insurance company last year and my rates went up because companies are being held accountable and insurance companies are paying out when people screw up. Many companies don't want to insure programmers anymore. Sounds like the hammer is coming down to me.
You may not be able to sue MS the next time Excel craps out on you but I assure you that you could sue a programmer because the system that he programmed dumped 1000 gallons of a toxic substance into your containment area or because you just released a toxic cloud of ammonia from your plant.
When the stakes are high, programmers tend to have to test a lot more. You still have to remain economically viable though. Three lines of code a day may work for NASA but the rest of us can't afford to be that inefficient. Of course the stuff that I can blow up is at most worth 10's of millions of $, not billions.
When it comes to embedded control apps, I don't think that things are much worse than they are for our physical counterparts. Yeah a plane crashed because of a bug in an altitude control system but they also crash because of other design problems in the mechanical, electrical, and materials engineering areas. I don't think that programmers are any less aware that lives depend on their work than any other type of engineer.
If you are doing number crunching types of applications, you also tend to run the code through a battery of tests. You can definitely be sued for screwing that stuff up.
Now little controllers in your dishwasher and your run of the mill desktop apps are held to a lower standard, I agree. You are rewarded by the market for getting new stuff out the door cheaply and quickly. You can certainly argue that it shouldn't be that way but the masses have spoken. If your stuff gets too far out of hand then the market will let you know. MS is definitely feeling the pressure from OSS and rightly so. I can bet you that they are atleast trying to respond. I can definitely see a big improvement between the Windows XP that I run on my notebook and desktop and the NT 4 that I ran a few years ago. I can also see that Windows 2000 is much better than NT 4 was on the server, but it isn't good enough yet and that is why a lot of people are moving to Linux for things like web servers, DB machines, etc. The market is speaking.
I would say that programmers are ultimately held accountable. I would hate to see things swing too far out of hand as I do think that it would ultimate stiffle innovation.
Bill Gates has maintained in the past that customers will not pay for bug fixes - and hence by inference will not pay for reliability. I suspect that this is demonstrably untrue. Personally I bought Win2k for my own use purely for its stability compared with '98 and ME (dons Nomex underwear). Thoughts?
'Microsoft contends that setting [reliability] standards could stifle innovation...
If Microsoft claim that litigation will run rampant and that the price of software will rise, this can only benefit the small software companies again as people turn their backs on expensive and buggy and head for cheap and stable. It's not surprising that the company with the most pathetic QA track record in history would complain that people might have a legit reason to litigate.
I'd argue the opposite. Well designed and written software requires far less maintenance, which can only allow smaller companies to invest their time on creating new and improved product. The real risk isn't that innovation becomes stifled, but that the body that defines a reliability standard confuses Software Engineering with QA. Let's face it, all that we are really talking about is imposing good quality control measures as a standard. That can only be a good thing... happy customers mean your products and company image remain sound and you get to make more money. A Win^2 situation surely?
if the home construction industry was allowed to start a home without a final blueprint like the way every software project I have ever worked on has been developed. There would be a lot less home standing through the winter.
A hand up and a foot on every chest...
Of course, EULAs make further restrictions intended to keep consumers uninformed -- barring benchmarking, sometimes barring other criticism (does Frontpage still have that clause?), not allowing security flaws to be published, etc.
Even with source, false advertising is quite possible, and should be punishable if we are to have a free market. It is now, but not done with great vigor.
Anyway, I guess my point is that this isn't a free market, and that the free market cannot be achieved with laissez faire policies.
If i were buying a used car, I would insist on being able to choose a mechanic to evaluate the car's condition. Having done that, I WOULD release the seller for any liability for the typical mechnical problems associated with buying a used car (e.g., bad brakes, emission controls tampered with, etc.). Works for cars, should work for software. Can't guarentee the car will work perfectly, but the inspection reduces the risk by enough that I feel comfortable completing the transaction. Similarly, a design/code inspection won't guarentee the software is perfect, just that it is good enough to serve its intended purpose.
"dope will get you through times of no money better than money will get you through times of no dope"
You stated that opening the source code was "unnecessary and even risky" to the notion of auditing it. There is no such relationship.
It is also immaterial what the source of a change is - you appear to be agreeing with me insofar as what matters is simply whether the code is that which was certified or not. Any change will invalidate this guarantee.
Regarding whether source or binaries are signed, you are touching on the notion of a Trusted Computing Base, itself a set of certified components, which might encompass an OS and compiler. If only the OS is in the TCB, then the certifier would be obliged to ship binaries, whereas if the compiler is included he can ship source.
Pick two.
in a software context.
When "Timmy, The Lniux Hippie" running the show, everyday is Bash MS Day.
Now that Timmy's manning the bridge, we can look forward to a slew of MS bashes. I was somewhat suprised to see he didn't work a bash into the AK47/MP3 player story. Must been all the blood left his big head, heading for the little head (nudge, nudge)
Sorry if this is redundant, I didn't have time to check every comment :). Anyways, the one problem I see in this is finding who to place the blame on. So many things can cause failures these days you better be damn sure the people you are sueing are actually to blame. Was it hardware the failed. the OS, a 3rd party library, or another application altogether? I think a lot of people wouldn't do the required research to firugre out the exact cause of the problem before they started throwing lawsuits around. Most people already don't on other issues...
Price, features, speed and reliability. Pick some but you can't have all.
To write almost bugfree software, like DoD / NASA (just be sure to check the specs for metric or not), the price is astronomical. Despite the obscene profit margin, Windows would be *much* more expensive if written by the same standards.
Also, adding features is another reason for instability. Not only commercial software, but also OSS software has been accused on focusing too much on adding features. In the commercial world because features sells, and OSS I think mainly because adding features is more fun than debugging an elusive bug that only happens on friday 13th under a full moon.
Another thing is speed. Particularly games are running the latest beta drivers on a tweaked and retweaked engine for speed. This is happening both in the high-end (pushing eyecandy) and in the low-end (pushing playability for low power machines). Don't expect perfect stability from that.
In short, I think the market would normally work this one out by itself. When delivering appliances I feel you should have the same liability as for the rest of the car. I mean whether the brakes fail because of a mechanical or electronic (software) design flaw, is not very relevant. However, for a typical software program that operates only on your computer processing information, I don't see this as very useful. Requiring some kind of standard would not change the basic trade-off, and it's not the producers' fault that the consumers aren't valuing reliability and security. They aren't willing to pay the price in form of money (How many complain about the price of Windows already), features (Go Linux. More stable, less features though) or speed (How many complain about the speed of Java that tries to abstract away from bugs related to not properly terminated strings, pointers arithmetic and array indexes out of bound?). So what did you expect?
Kjella
Live today, because you never know what tomorrow brings
Lots of people don't even WANT reliable sofware - at least, they don't want to pay for it. I'll happily accept my software crashing once a week if it saves me $300 on the cost of what would otherwise be $100 software. The last thing we need is to have the software industry start to look like the healthcare industry, where everyone pays 3x what they should to cover the insurance in case someone needs to sue someone else.
If you need absolutely, positively reliable software for some purpose, than contract with a company who is willing to provide it, and pay the price it takes to get it. But Joe Blo software user should have to foot the bill because someone ELSE wants to force ALL software to be reliable under penalty of multi-million dollar lawsuit. If I sell an operating system designed to let you play MP3s and video games and browse the internet for $99, and you use it you run your mission-critical application that causes you to lose $100 million when it crashes, why should I be liable because you used my (albeit buggy) tool for a $100 million mission critical ap? It's YOUR job to assure that you are using the correct tools for the job, NOT the guy who makes the tools!
It's like cars - just because your transmission goes out doesn't mean you get to sue the manufacturer. You get your transmission fixed if you've purchased a car with warranty terms that allow it to be fixed, and otherwise you pay for it yourself.
paintball
> I agree. Users want cutting edge, not reliability. ..and that's why people are using the Hurd.
Says the story, 'Microsoft contends that setting [reliability] standards could stifle innovation, and the cost of litigation and damages could mean more expensive software.' The article also says, however, that consumers' favortism of flashy products over reliable ones is partly to blame for the current state of software."
Wow--I had no idea. Microsoft does practise what they preach.
To-do List: Receive telemarketing call during a tornado warning. Check.
This isn't really a huge issue, it's just illustrating the need for another certification program. Look at the semiconductor market: There's semiconductors that you can use in everything, then there's semiconductors rated MILSPEC and Hospital grade, which have been tested and are approved in critical situations. Same damn semiconductor more or less, just has been exhaustively tested. They usually cost many times that of the other part, but you KNOW it will work, 'cause whoever made it is going to stand behind it.
We need the same thing for software. Someone to set up some guidelines, and provide certification to software that is going to be used in a critical application. Hell, maybe even the UL could open a division and do it. It is plain stupid to assume authors have liability over all software written, especially in the open source world. However, if I buy a product, and its software has been certified by a trustworthy organization, I'd feel better about myself.
If you think about it, laws that mandate software reliablity would just increase the barrier to entry of new software. If laws were passed, theres a good chance lots of small software companies would go out of business because they couldnt afford the extra measure that the laws would require. This in turn would help microsoft since its competition would be decreased.
Large corporations are usually in favor of protectionist government policies like this since the money they gain by stifling upstart competition is much larger than the costs it would incur by following this law.
This explains the fact why large corporations are usually the largest donors to the democratic party.
I agree, if I fork over lots of $ to MS, I expect a reasonable amount of reliability of their product (they are after all, selling software to enable me to do something reliably). I microsoft can't produce reliable software, then they should find another venu to make money, perhaps selling music cd's..microsoft is a very rich monopoly that should be sued for inept performance in reliable products..they could have spent money years ago developing good software reliablilty systems to debug their code (but they didn't want to do any R&D for years..too much money, not enough lawsuits I guess)
If something is inherently unreliable then you don't need to fix it: you find ways to live with it. A perfect example of this is the internet itself. TCP is a reliable transport provided over IP, an unreliable internetworking layer.
Make no mistake: IP is explicitly and deliberately unreliable. This keeps it simple, and allows upper layers to choose appropriate quality of service parameters for their application.
How this relates to the issue of unreliable application software is fuzzy: but its pretty obvious that humans have adapted to the reality of the situation: the power-cycling protocol is just one example of the ways in which we cope.
If a situation is life-critical, then I'd be happier knowing that the system is designed to cope with glitches then if the system assumes these glitches have been tested out of existance. Cosmic Rays really do exist, so some level of unreliability is guarenteed!
Opinions my own, statements of fact may contain errors
Before you guys go onto your "Yay, kill Microsoft" tirades, remember, Microsoft can afford this. Most smaller vendors cannot. Insurance companies will immediately jump onto the opportunity and software prices will skyrocket while shutting down the smaller outfits.
Also, this will have an impact on opensource. If vendors become liable and opensource is not then companies will have all the more reason to purchase commercial software so that they will have protection. And if opensource is also deemed liable then such vendors, and possibly even private programmers, could be brought to task on vulnerabilities.
This is not the win/win scenario that many see it to be. This will undoubtedly escalate and will impact opensource negavitely regardless of how liable it is. Regardless of how proactive a company may be bugs will still emerge. And the only companies to survive will be those who can pay. That's Microsoft, and probably only Microsoft.
In most places, free-as-in-beer stuff is already fundamentally a special case, because unless something of value changes hands in both directions, you don't have a contract.
Of course, free-as-in-speech software neither deserves nor should get any special privileges. If you make money by selling me an OS that happens to be GPL'd, open source, or otherwise "free", that's still something you're selling me. "Oh, you should have looked at all the source code for Linux and spotted the critical bug for yourself" isn't much of an excuse at that point; I'm paying you to have done that for me.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
What they should do is remove any legal weight from clauses along the lines of "This software comes with no warranty of any kind, including fitness for any particular purpose..."
If you're taking my money for it, it should be fit for something, just the same as any other product, and just the same as any other sales pitch, I should be given a fair and accurate description of what the software I'm paying for is or isn't fit to do.
Part of the problem here is that most people on this thread seem to be thinking in absolutes: "if Word crashes, I can sue MS for [evil grin and pinkie finger to mouth] one million dollars!" It's not about 100% reliability, it's about reliable enough. A word processor doesn't need to be bug-free, it just needs to be reliable enough to write my documents under normal circumstances. MS might reasonably be expected to pay some compensation for excessive downtime due to their carelessness with the recent product activation issue, but not if Word crashes because of some incompatibility with other software on your machine about which they can do nothing.
Surely it should all come down to fair and reasonable marketing claims (don't say it's 100% reliable if it ain't) and fair and reasonable compensation when those claims are found to be erroneous (if you said it was in good faith, but it turned out not to be, you give me back some reasonable amount in compensation, depending on how effectively you addressed the problem once it was discovered).
If you want 99.99999% up-time for your server, you can buy from someone who claims to provide it, paying whatever the going rate is for it, and expect to get it (or compensation). However, you aren't entitled to assume that WinXP is suitable for running operating theatre laser surgery algorithms "just because" and then sue MS when it doesn't live up to the job you've foolishly given it.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Probably not. By step 10 your software will be about 5 years behind the competition's.
You get what you pay for.
Its the user's fault because he wants a flashy product?
I thought it was the coders fault for putting backdoors in.
God spoke to me
Is it possible to remedy some of this via multiple redundant code paths? Sortof like eXtreme Programming 2.0 - now we take 2 pairs of programmers and let them write the same logic, test it, etc. If there's a failure in one of those instances of logic, it tries to execute via the other? Now take this approach and scale it from programming/testing to architecture, analysis, etc. Just a thought.
Tacitus was speaking of a society going into senescence -- it had piled corruption upon corruption under color of law because it simply felt so good to those in power to pass laws.
Something similar is afoot with the idea that you can get better software by reducing labor costs via H-1B visas -- it boils down to a society in which responsibility for one's words is dissappating and being replaced by the same sort of nonsense that ultimately replaced the rule of law in Rome: The word of an Emperor God who had at least shown himself worthy due not to his ablity to manipulate and mince words -- but on the field of battle.
It is far too plausible that the United States is leading technological civilization down a similar path due to the way words have become a medium of manipulation rather than communication. It is to the point now that those who make hiring decisions for software are afraid of Occam's Razor -- for it just may cut their umbilicle chord as well as making code comprehensible, reliable and secure.
Seastead this.
reliability. further, we expect more and more features and expect it at a low price. People who design software, do so on language that is backwards compatible with ones 20 years ago, namely C++, which carries some of the many failures on many levels into living applications. Now the language is not wrong, but how many people really considered writing their applications, say in Lisp, Scheme or Forth. Each language has its advantages, yet economics of software development demand that people should use most widespread language, so that it would not be as hard to hire decent software developers. What most managers do not realize is that by choosing a language they meddle in the affairs of those who know the field much better... The is whole stigma with using software tools, languages being the core. And often it is decided by managers who do not carry responsibility for development and manintenace of the software. And even if they do common fallacies used to justify imposition of specific tools onto software teams. ... except games! So what do you expect? Incomplete requirements, unfit tools ... list goes on and on. Very few people are able to cut through the bullshit, and crap in general to get a very good software package out. Nevermind treat their employees right. Bugs is corporate software are just some of the sysmptoms corporate world bearing off, core of the problem being, is sheer miscommunication in way public companies are handled - which is what most of software companies are.
However sometimes teams are fortunate enought to have choice in matter of tools, yet they never really have the way to verify that something they have created is exactly what a customer needs. Scrutiny by expert users is often absent from software development
In the end it is all about compromises and vision. Software bugs are just side effects, that will exaterbate any main problems a software company has. (that is bugs in tested and released software).
Plus something that was not tested for and does not have fatal outcome on the program is not a bug, i'd rather qualify it as a glitch...
my 2c.
m
testing out my trending skills
We've found that even very simple bug pattern detectors turn up dozens or hundreds of bugs in production code.
The good news is that as bug-finding techniques mature and become more widespread, more bugs can be found during development rather than after applications are deployed.
t
testing out my trending skills
n
testing out my trending skills
I'm not an expert on pacemakers, but I don't know if I believe your claim that I want the reliable vs the featureful pacemaker for all cases. Imangine that your heart condidition requires a feature that doesn't exist in the stable pacemaker to correct. What do you do? Use the unstable version and die beacause your rythems are not corrected right, or risk a failure in the less stable version?
Point is, in some cases failure isn't allowed, but smaller stable code is not nessecarly a compromise that you can make either.
Of course if the unstable pacemaker just allowed a me to pull up statistics with no medical value, then of course I don't want it.
It will be nice when Microsoft realizes that the whole "innovation" thing is like beating a dead horse (a really dead horse). Everyone should know by now that Microsoft hasn't done anything uniquely innovative, ever. They might have bought out innovation but original, unique, and beneficial innovations aren't really their bag.
There's a difference?a large one, actually?between considering college degrees based on the quality of the college (i.e., not giving so much weight to degrees from colleges that aren't so strong) and ignoring all college degrees. To do the latter is nothing short of foolish. The idea that anything below a M.A. or Ph.D. is useless regardless of who issued is almost as foolish.
...have drivers and such supported or at least updated for x number of years instead of being dropped like a rock when the next version of comes out? we've all got a lot of hardware that i can't use anymore or can't use because updates (and fixes) were shelved permanently. most of this is just lack of will. it's disgusting how much hardware waste stuff like that causes.
if you want people to think you know what you are talking about, just put ".com" at the end of everything you say.com
Back when I was a CompSCi student the guy teaching Software Engineering was the most interesting classes to be in. He worked at NASA on verifying the code for the manuaver jets (orwhatever they call them) was bug free. It was supposed to take only one semester. He was gone 3. That was for just 3 pages of code.
NASA figures they have the most bug free code on the planet. And they figure they have about 1 error for every 10,000 lines of code or "1 error per 10 KLOC" (at least this was back in '92 or 93). They also figured the average programmer could pump out 10 lines of error free code a day.
TEN LINES A DAY! My God! How many lines of code are there in Windows?! How many people do they have working on it? They aren't pumping out a measily 10 lines of code a day! That's for sure!
Heck, if Linux was written at that speed I doubt we'd have any kind of graphical interface at all!
Now think about something like the a fly by wire Jetliner. Oooo... two or three million lines of code, divided by 10,000 (assuming NASA level error rates) and you'd never get my old professor to fly on one of those! Oh, what about Star Wars Missile defense? I think I'll stop flying altogether and just take a boat thank you!
What is your point? No party can give you 100% security--whether you're talking about the million "eyes" of open source or the skilled eyes of a good 3rd party auditor--but that's not the same thing. Those parties may still extend _their_ gaurantees, but that doesn't mean you have security. The point that I'm making is that you're always going to have risk. Yes, there is some remote possiblity that the company may modify the software on the QT, but if the auditors validate version 1.1 (with known features A-Z), then there's little incentive to sneak changes (you can't market it, it can't be too significant,
Again, what is your point? Baring some paranoid's wet dream, it's unlikely that the binaries can be modified in such a way that they could not be detected by an astute user. Why would a respectable company take such risks to make such modifications? Get real please.
...is that the bad coding that caused the Polar Landing accident resulted from poor communication among international collaborators.
If one software module passes metric values into another software module expecting values in English standard measurement, that's a software error, whatever the reasons for it, and no matter how well each module was tested independantly.
This really just highlights why writing "perfect" software is so difficult... there are so many ways something can go wrong, regardless of how intelligent and professional the creators of the software.
Debugging a complex program is NOT like debugging a complex mechanical thing like a car... imagine if you cleaned the floor mats in your car, and the next time you hit 80 mph your entire chassis vaporized.
There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
3.5) Announce with great fanfare, so people will defer purchase of a competitor's similar product that is already shipping!
Remembering back to the Commodore64 and even the nintendo, the Graphical systems we've developed (besides all of the alogorithms and code behind the rest of computing) are innovative and amazing.
Distributed without liability to creator. No one purchases it. Use at your own risk.
In short, you're comparing apples and oranges. In your case you're looking for wear and tear or accident related damages--that's relatively easy for an experienced mechanic to find--it's diagnostics, not engineering. In the case of software there is no such quick test that approximates this, because you're looking at its very form. If your mechanic is capable enough to replace all that safety engineering and QA put in place by car manufacturers with a 10 minute lookover, then I'm sure you can find a car manufacturer somewhere who would be sell you a car on the cheap without all that hassle.
Yes, Ada was designed from the ground up for reliability, and experience has shown that it substantially reduces bugs, particularly post-deployment bugs, the most expensive kind. I'm amazed that nobody else mentioned this. Oh well, nobody will read this comment anyway.
I watch Brit Hume on Fox News
The C/C++ Users Journal has an excellent editorial article about the low qulity of software. The premise is that a lot more people became software professionals than could be properly mentored into high quality developers. Also, a lot of people went into the profession who were simply not skilled at all. I think the article is right on the money when they say a main reason for low quality is that a lot of code has been written by people who just know VB or HTML and suddenly think they're hot-shot software architects.
You mean consumers know they have a choice between reliable and unreliable stuff?
However, it is still questionable whether closed source -- as it is typically sold -- really leads to informed consumers, even without restrictions Software is not particularly transparent, and its flaws may not be readily apparent. Buyer Beware is not the free market.
The U.S. DoD addressed the problem a long time ago. Like it or not, the Defense Department has been putting computers in unique places long before someone thought of doing the same or analogous thing with a consumer product. As an example, think about how long you have been hearing about this or that fighter or bomber that was "fly by wire." This means it doesn't have the traditional physical control cables but instead relies on computers to actuate movement of the control surfaces. Some planes such as the F-16 and F117A are so aerodynamically unstable that the only way they fly straight and level is by the flight control computer making it happen. (Hint: if the flight control computer crashes, so does the airplane and they ain't cheap.) Same thing with command and control systems. The wrong person can get killed if the system says its OK to shoot when it isn't.
Basically, the DoD kicks in higher levels of quality control as the consequences of something going wrong goes up. Guess what? It costs more and takes longer. Fly by wire commercial aviation goes through a simillar process. You just can't have the captain of a commercial jet say, "Ladies and gentlemen, we're sorry to report that the flight control computer just gave us a BSOD. Been nice knowing you." It still isn't perfect but there are some pretty impressive records for systems running cummulatively tens of thousands of hours without a glitch. But developing the systems took time and the testing took time.
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
mehinks that whole spambusiness has been launched by some evil genius to make us forget bitching about the time we lose due to crappy software
its probably been said already a dozen times but the level of security required depends on the application. for the average home user it doesnt matter too much, for a business its getting more important, for certain government applications its essential, and for critical life-saving systems it's life-or-death. personally i dont care too much about someone hacking my home box, but if they can hack my ECU and set the throttle to idle at 6000 rpm when im driving through a schoolzone, im gonna be pretty pissed. (so, never hook up an ECU to any kind of wireless network)
"Save me jebus!" - Homer Simpson (btw, I'm probably talkin out of me arse)
Back when I took that class, we weren't required to read or discuss it, but I assume it was thrown in there amongst the hundreds of pages of Scheme code as a little note to those of us who would be building the digital infrastructure of tomorrow land to be responsible about keeping code robust, well-documented, and well-ventilated. Because, I guess, people's lives might be at stake.
I read the article one day and though how much it all sucked and became a history major. But I imagine if I got suckered into coding again, I'd look that article up for some inspiration.
(above link is for reference, I don't recall who wrote the paper in the Berkeley CS61A reader...)
Actually, Microsoft software is quite reliable. Reliability does not, however, imply security or stability. My friends' MS software crashes quite reliably. ;)
Microsoft contends that setting standards could stifle innovation, and the cost of litigation and damages could mean more expensive software.
Basically, MS is saying that they are not responsible for the product that they managed to get into a monopolistic position in the market. When people get a computer, they usually don't have any other option then to get one of the MS OS's. When the consumer is not given that choice, the consumer should not be held responsible for the shortcomings of the OS. If they plug their Win2K box into the cable modem without updating (with patches that have no warrauntee), after installing frontpage... they should not be the ones responsible for an infection of Code Red.
When you have a company that says that their innovative capacities are inhibited by the responsiblity that they may be required to take, that's when the company needs to reconsider their values. If a country depends on your product to operate, your product alone, then you had better make that product the best damn product ever. That includes a bulletproof security scheme, it includes error-trapping and stable code, it includes fixing everything that causes a blue screen out of the box.
Since MS has been found in court to have a monopoly, they must shoulder the responsibility to the consumer. If they do not, then they've got to do something to allow competition to exist on the desktop. The consumer comes before the company. If what MS says seems to be beneficial to the consumer, it's probably enough of a euphamism to cover up something that's like "MS ain't gonna pay for what they're baby broke."
grr. This crap really frustrates me.
You need to restart your computer. Hold down the Power button for several seconds or press the Restart button.
THINK OF THE CHILDREN!!!
> It's not like a switch was flipped and all the sudden society is headed downhill.
Exactly, but there may be more here than just a sudden realization that you're up to your knees in nonsense. We're living in an age of cheap/free information, yet people are still getting their media and other information from the same traditional outlets. I can sympathize with the people who are net-savy and know they can do a google search for "new york post crediblity" but their friends just read the tabloid and go with it.
There's this assumption, well its more like idealism, that easy access to differening viewpoints e.g. more information, will create a person with less bias and a love of the truth, but frankly it may never happen on a mass scale.
In my Dad's day there was the local papers and if you were lucky an alternative weekly. Now you've got everything at your fingertips yet many are still reading the same old paper.
Worse, there hasn't been a significant dent in the celebrity star system, which more or less reinforces the idea that celebrities are part of human nature. From the Illiad onwards we seem to want a hero and truth be damned, the story is more important than the fact. Sure X celebrity worked his/her way up from the streets with no shameless marketing, backroom deals, etc. Do people really want to know how the TV/Movie/Music businesses really work? I doubt it. Some do, but not enough to cause some kind of critical mass.
In the end, there probably isn't a solution to these "problems." As humans we have needs and one of those needs is the hero/celebrity and information that doesn't threaten our worldview too much. Think religion.
At best, we can come to a self-realization of what we're doing, but fighing human-nature on a mass-scale may take centuries of effort if its even possible. Plus, there's the hairy question of when to start. Sure we can toss out J-Lo but what about Odysseus?
Remember that not all licenses and contracts have this phrase. Perhaps the vast majority do, but most companies that really want a license that doesn't disclaim fitness can buy software from someone, for some (great) price. I know that the market system isn't always right, but in most cases we should at least consider the possibility. In this case, the market has decided that most applications don't warrant software guaranteed for a particular purpose. When conditions change so that software users decide they want software guranteed to do the job they want to do, they'll pay for this and they'll get it. Eventually, various structures like bonding and accreditation will fall into place and guaranteed-fit software will cost less than it would today. Perhaps this possibility justifies some sort of government mandate today, but that seems a rather weak argument to me.
Hearing buyers complain that the law should have required them to buy something other than they wanted at the time reminds me of shareholders complaining about the actions of boards that they accepted by defualt proxy. In capitalism, it is not only the producers who are responsible for the traded products.
later,
Jess
I am programmed for etiquette, not destruction!
Well, for the benefit of onlookers who are undecided, I'll put this counterargument: Exposing the source to "hackers" is not the only factor to take into consideration. Developers are more likely to be careful, to take pride in their work, and to produce secure code, when they know that their code can be viewed by all their users, and when they work in an open source style rather than as an only-in-it-for-the-money corporate code monkey. Many eyes make a lot of bugs shallow. When was the last time you heard of a typical piece of closed-source software touting its "security audit by a third party"? And, even if a closed source product is security audited, NDAs can be used to "sit on" bugs if the developer cannot be bothered to fix them. (Highly unethical, but it can happen.)
Especially with projects with diverse public participation, NDAs during a security audit of an open source product which allowed developers to ignore security holes would be unthinkable, and would result in huge media storms! At Microsoft, allowing developers to ignore security holes was (but hopefully is no longer) an implicit policy.
Lastly, security through obscurity is a very lousy way of fighting "hackers". Closed source is not invulnerable, as we've seen - and if your IIS installation gets hit and MS's "remedy" proves to be nonexistent or less than suitable, who do you turn to? You have no choice, short of scrapping your investment in IIS (which is probably advisable!): by and large, closed source == monopoly aftermarkets.
Using safer programming languages (recommended for many projects), or attracting some programming gurus who can prevent the most common security bugs getting into production code, are better strategies.
Female Prison Rape in NY
You fucking rock. I hate rocks.
Obviously, if individual developers become liable for the code they write, it would be bad. If, OTOH, liability follows the money, it would be a good thing.
If you buy a Red Hat product, Red Hat is held liable for the bugs that may be there, not J. Random Hacker. So, Red Hat would have to thoroughly review the code, employing more people to do it. That way, more hackers could work full-time on free software. Prizes for free swoftware would go up, not a bad thing in itself, and so there will be more money to develop free software.
The product that vendors would sell, is a warranty.
I think the community should support efforts to make those who sell software liable for the products they sell.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
Don't get me wrong, I'm not suggesting the programmer doesn't play a key role in software development, but this seems to suggest that they are the only ones that matter.
How about consideration of
i) The requirements - analysis of what is needed expressed in a clear, complete, concise and comprehensive manner (very hard to do and so seldom done) - put QA first not last, reviews and inspections of the documentation pays off.
ii) Testers - testing independent of the programmers at the system, integration and user acceptance level. It's hard to be objective about what you write yourself, especially if the code works perfectly well but doesn't do what was specified. Testers require a different skill set to programmers.
iii) The end users - reliability for an end user may depend on different criteria - on one level as long as the software does it's job in a satisfactory manner reliability may be secondary to functionality and usability. If reliability was so highly prized there would be many more mainframe systems being developed using green screen terminals.
And yes, I am a QA consultant - someone needs to fight the testers corner.
Reliable software can be be produced in cases where the problem being solved is well understood (i.e. space flight) and the requirements do not change. Unfortunately, such problems are rare.
Fo example, does Slashcode have a formal spec? Requirements document? Should I be able to sue when my comments get lost?
If the answer to the above questions is "no", tha does that make the the actual software is useless?
...richie - It is a good day to code.
I lived in Washington DC for three years and their traffic lights are controlled so that motorcades of officials can geta round the city more effectively. They also setup up police blockades for security, and it is generally a pain to the residents, but it works pretty well. In addition, after 9/11 they modified the system to make mass evacuation more effective. In a nutshell, less light changes and longer durations of red/green work better for evacuation.
-- Solaris Central - http://w
Having worked in the Telecom sector, where unreliable software always costs money, and was know my the Management that it needed to be reliable, and that doing so cost money. There was ALWAYS time and equipment to test, and debug before new releases were deployed. Every piece was tested, systems were also redundant with hardware failures rolling to backup systems. Expensive, you bet. Needed Yup!. But it can be done.
The very answers that have been posted here attest to the fact that the "geeks" posting here (me included) have become WAY TOO ACCUSTOMED to buggy software.
and Yes!, I have operated software on Unix machines that ran for YEARS (and in years) without failure, or reboots. (we sometimes rebooted them yearly just to test them.)
raise your standards boys (and girls) why settle.
PS: C is it's own virus!
The way I see it, consumers are entirely to blame for the state of the software they run. By consumers, I mean people who whine about the crappiness of Windows, yet still keep running it.
Don't give me that "I need Windows" bull. I've never purchased Microsoft software in my life, I use no Microsoft software on my computer... yet strangely enough life goes on. I write documents, browse the web, swap photos, play games, make spreadsheets, do my taxes, just like anyone else.
There are far more reliable, fully functional alternatives to Windows out there. Either install Xandros, or buy a Mac. If you're not willing to do either of those things then just shut the hell up about software quality, because you obviously don't care enough to actually do anything about it. In fact, given that the alternatives to Microsoft on PC hardware would also make your machine run faster, save you money, and guard your privacy, it's hard to see what more inducement you could need to get off your ass, find that install CD, and spend a few days making the switch.
It seems to me that the whining is really saying "I wish the government would wave a magic wand and make Microsoft write software that doesn't suck". Well, real life doesn't work that way. You have to take responsibility yourself, be an informed and responsible person, and create the changes you want to see.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Yes, and there's no sin in that... provided they are the right tradeoffs. Too often I've seen managers demand 'tradeoffs' that were clueless. The classic is cutting testing because the customer is unhappy because the product is late. As if they would be happy with a useless bug riddled product. So next time management talks to that customer, the customer is pissed, has them over a barrel, and makes outrageous demands, which are agreed. Repeat. I've seen that cycle go around four times with management doing nothing to break it.
I've come across my fair share of incompetent programmers, but I would be overjoyed to have managers who were as competent at managing as the programmers are at programming.
As programmers we are paid to have and develop complex technical skills that are hard to use. We are therefore paid more than the minimum wage. Since managers are typically paid more than programmers, they should be more skilled at their job or should take responsibility for their mistakes. Yet when there is a management SNAFU, the solution, apparently, is for the programmers to work harder.
Ne mæg werig mod wyrde wiðstondan, ne se hreo hyge helpe gefremman.
Why is it that for ever "problem" in our society, the immediate answer from our representatives is to pass more legislation? Highly reliable software already exist and those that need it are willing to pay the extra money to obtain it. If someone is running their mission critical applications on a Win95 box, who's fault is it when it crashes? Considering there are numerous, more reliable alternatives out there, it seems to me that the operator is at fault.
The initial intention behind liability laws was to make entities financially responsible for gross negligence or willful neglect. What we have today is a society full of people that refuses to take any personal responsibility what so ever. Ice storm drop 5" of ice on my driveway and the mailman slips? It's my fault - sue me. I have an accident on the freeway? The car was at fault, sue the automaker. Not watching what you're doing on a construction job and shoot a nail through your foot? Outlaw nailguns and sue the manufacture. I'm running my business on win95? I'll sue microsoft when it crashing, taking all my business records with it.
The argument was over whether or not consumers should be allowed to decide whether or not they wish to use open source for themselves though (because the poster that I was replying to was giving open source a false staff with which to bash closed source).
... and so on. No, the fact is that in most cases you just don't know and nor can you. What keeps these product and service providers in check in the vast majority of cases is their reputation. In fact, reputation is the primary organizing force in the market, not direct transparency. When is the last time you heard of a consumer buying, say, a refrigerator because of its specific compressor? How many customers will even look this up? What customers look at is WHO makes it and just perhaps fundamental aspects of its engineering (e.g., motor-type, horse power, etc--but even then more as features than as a quality check). You can only burn customers so many times before you pay severely in the market. Yes, individual customers can and even will get burned in some cases by less reputable firms, but over time, it doesn't pay for the companies to do this. So yes, it generally is a free market.
That not withstanding, I think I should clear a few things up:
A) The situation with closed source software is really not that different than many other large sectors of the free market. The free market is not premised on 100% transparency or even close to it. It generally does not need it to effectively keep companies in check. Do you really know what your doctor is doing with his equipment before you go in and see him? Do you really know he learned in medical school or what he did in residency? Do you really know how your car was engineered or tolerances of every unit in the car? Do you really know how your building was engineered?
B) You should distinguish between standard closed source software companies and companies that zealously attempt to suppress organized/official review of their software with the DCMA and other tools. I assert that very few software companies really behave like this; that is to say that if a PC magazine or website wishes to give poor reviews to their applications, then it can and will happen. What's more, even those few companies that do attempt to suppress review, ultimately fail to succeed in the market because they cannot effectively stop consumers from bad mouthing their product, regardless of the EULAs they may sign. That is to say that they ultimately pay. Yeah, I recognize that they might get away with a product that is 15% less quick than the prior version, but they're not going to get away with a product that consistently corrupts the customer's data, for instance--consumers will find out.
C) To the extent that companies do abuse the DCMA, EULAs, and similar legal tools, you can attack THOSE specifically and NOT closed source itself. It is a mistake to confuse these legal mechanisms and certain monopoly powers, not only because they're a seperate problem, but because open source truly does not assure that these cannot occur.
D) Buyer beware has always been the fundamental driving force behind the free market. Yes, there are markets where outside forces play a large role (e.g., the US financial markets), but these
You know there were 12000000 lines of code in windows 2000? Do you have any idea how long it would take them to source audit TWELVE MILLION LINES OF CODE? And the cost would be nearly incalculable.
And that's just for windows 2000. They would have to go over the (few) parts of XP that were different, then all of Office, then all of SQL Server. The idea that someone could sue MS for somethign like the Slammer epidemic has got to be Bill Gates recurring nightmare.
I predict MS will get behind this when hell freezes over.
Just my opinion.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
More importantly there are high standards in place to better guarantee the professionalism and productivity of quality software and services to our galant public servants. Accreditations like the 5 SEI levels certify the ability (to bullshit your way through the accred process) of the organization to apply the tools and processes expected of a professional software engineering firm (not even close).
Basically by following the government model you can ignore quality and usability and focus your resources instead upon winning more contracts through the hiring of more bullshit artists. Remember that it does not matter if your product goes over budget, is overdue and does not meet requirements since you would most likely not have gathered or analyzed (much less tracked and updated) requirements and there was no real design. Design is defined as the end product much like any other hacked together system is not designed but could be called that if you wanted to lie. Version control, configuration management, issue tracking, change requests, peer review or any sort of organized and consistent testing and quality control are expensive and a pain and thus rarely employed. However, since the SEI accreditation require these and a defined process then what you can do is just jot down some buzz word memo's, buy a CASE tool and set it in the corner and then usher around the accreditation team to just the parts you want them to see.
If you feel you can't handle this then look in the yellow pages for "used car salesmen rentals" and you will be set. It really is a lucrative deal and even better if you ever do want to actually build a usable and useful system then what you can do is have the taxpayer foot the bill for your POS prototypes and then later sell out your software as is or as a service and make good money. Consider the tax payers your venture capitalists, except here quality and ROI is never an issue.
Oh yes, fire control... there will be annoying instances where you will have end users (especially if they are deployed military) who foolishly demand usable and reliable products that meet their needs. The trully annoying of these will raise these issues and somehow get them up the chain through the Chain of Command filters (the IDUD's or I Don't Understand Duty folk) and then you have to "fix" the problem. No problem, since your company wisely placed several O-6's and above in the key decision making positions who can schmooze enough to sell heaters in hell then what you do is just aim these folks to the government reps (who really could care less about the end user) and work their word magic on them. Soon the problem disappears and you didn't have to do any annoying work.
The secret to success is to work the system and thus you must understand what the system is. Don't come in with your ideals of free-market capitalism as you will most likely fail. Understand first that this is a closed socialist system that relies solely on the unelected career bureaucrats to be dazzled enough to buy into your scheme. If when trying to sell an existing product (even if just a subset of what it will become) don't come to the table with facts about the methodologies and technology your system employs that make it superior, even if you fit the implied requirements exactly (and especially if you exceed them). This is all fine and good, but what will sell is your presentation of pretty buzz words and bureaucrat-speak. Pull out every stopper on the keg of superficial and insulting slime-sales tactics. Adopt a military looking demeanor, as only
The perceived mentality is that instead of these games being designed and implemented with filling a niche in mind, they simply threw in crowd pleasers to attract a larger market. This is of course the fault of the consumer. Consumers often forget that they vote with their feet and if they shell out the scratch for crap then they both give a vote of confidence for that type of game as well as that type of development method (throwing in useless crowd pleasing crap).
Next you come to the stability of the game. How frustrating it is to have your game crash every 5 to 10 minutes, lose saved games or have to reinstall your entire OS to "get it working" is only superceeded by the fanboy responses you get if you ask for help often. People will just mouth things like "your video card sucks, buy a better one" even if your video card does in fact not seem to exhibit problems with other games. It is a straw man argument given that your hardware is to blame and no fault lies with the software developer. Granted there are times (ATI) when either the hardware or drivers are really just sub-par (going back to this argument anyway) in which case contacting them will get a finger pointed right back at the software developer. (One example is Neverwinter Nights and ATI cards)
A common situation given that a game is both buggy or just does not do what it said it would do is where the effort seems to be placed by the developer into adding more chrome and not fixing or stabilizing the existing chrome or feature set. However, the non entertainment portions of the software industry do nothing different so I should not expect too much from various software pieces. I always try to wait for reviews these products first but sometimes I will admit I don't do a good job. However sometime it is hard to find quality reviews whether because of the unethical selling out of reviewers or simply just a lack of professional objectivity. With games, what will always stick out in my mind as how reviews can be so unreliable is the reviews of Ultima Ascension (or 9). I have always loved Ultima and realized I had high expectations at first. However my expectations were dashed merely be seeing the lack of fan and customer commitment by EA for this game and what info we did get was rather scary. 6 years development time resulted in a game that was largely unplayable. I won't go into the discontinuity of story, lack of good gameplay, weak story and overall disappointment when compared to other Ultimas (and considering this was the last one) but just by focusing on in game play, stability and quality it was a pile of dung. I forget how many patches it took to become a bit playable but it was by no surprise a group of dedicated fans that wrote a final patch that helped the stability the most. (at least it made it so that it would play for more than 15 minutes without locking up the entire system or exiting) Of course some other good folks also released various mods to the dialog and some other elements (if I remember correctly) that made the game feel more immersive and more Ultima-like.
I seek not only to follow in the footsteps of the men of old, I seek the things they sought.
I won't attempt to plagarise here as I really cant since I do not remember the exact words or the poster, but a poster many moons ago posted a very good piece on the problem of chrome overshadowing functionality.
Because the margin of error in software ~=0.
I can build a house, make the walls nice and think, put some good solid oak timbers for rafters etc... and expect it to last a couple of hundred years without any magical training.
in software, one typo could be the differance between life and death.
In critical systems they usually get two different groups of people to software for the same task on different hardware and hope that they both didn't make the same mistake.
thank God the internet isn't a human right.
and latting in loads of viruses that munch there way through your HDD.
A killer virus would sort out a lot of the bugs.
thank God the internet isn't a human right.
What part of RTOS didn't you understand? Please reread parent post.
> move that 50% to testing
Better yet, fire that 50% and then have your programmers write unit tests. Nothing like code to test code.
Tom
The Army reading list
I find it odd that nowhere in the article or in the slashdot discussion is there a single mention of Extreme Programming or Test Driven Development.
Writing automated tests, then adding the code to pass the tests, and running the tests frequently has a number of benefits:
1) achieving high test coverage
2) getting lots of practice writing tests
3) getting lots of practice writing testable code.
4) catching introduced bugs
5) simpler designs (easier to maintain, easier to debug)
Under TDD, a full suite of tests is often run many times daily. Mistakes are caught immediately.
If something like this were to happen, it would cause developers to reevaluate their tools, and I think that C/C++ would lose out big time.
C is an excellent model for development in situations with extreme constraints of certain sorts. That doesn't make it the best default general-purpose language.
Looked at in reverse, would any multilingual developer feel *more* inclined to use C for general applications on big (non-device) machines if the personal penalty for bugs in his code rose dramatically?
"Those who have never entered upon scientific pursuits know not a tithe of the poetry by which they are surrounded."
But what is bad software, if not human error? Assen Jordanoff wrote in Safety in Flight (circa 1950) that the causes of aircraft accidents eventually reduce to the human element (usually, a series of human failures). Structural failure? Poor design, poor fabrication, poor maintenance, or poor use. Weather? poor forecast, poor judgement, failure to divert to plan "B" (land and wait it out). Out of fuel? Poor planning, failure to divert to plan "B" (land and refuel).
Professional software design is no different. If you're not taking the responsibility to guard against things that could go wrong, you're not being a professional, you're being negligent.
Somewhere a thousand lawyers salivate. b-)
Of course your characterization of software suppliers using monopoly power to keep needed features out of products is conceivable. I think, however, it is exceedingly unlikely. The reasons we haven't seen more guaranteed software licenses are practical as well as contingent. The contingent reasons, such as the insurance industry's current inability to quantify software risk, could be amenable to judicial redress. The practical reasons include the vast diversity of operating environments, the 80/20 rule, the very broad range of problems to which software may be applied, and the unsolvability of the software risk quantification problem. b-) These are givens of our existence, that no judge could change (although many are sure to try).
Certainly a consumer user of word-processing products, for example, is out of luck if he wants to buy something that is "guaranteed never to lose my work". Similarly, a car enthusiast is out of luck if he wants to buy a flying car. While many engineer-centuries of work would probably solve either problem, the solution in both cases is for the user to realize the limitations of the product and to perform accordingly. I.e., I'll leave at least 45 minutes prior to work so I won't have to fly to get there on time, and I'll make sure not to indiscriminantly run "rm *" commands in my directories.
later,
Jess
I am programmed for etiquette, not destruction!