Software Approvals For Consumer Markets?
Odkin asks: "Some friends and I are struggling with a hardware project which is stalled due to costly consumer market approvals (which is alright I guess). But it struck me, why are there only market approvals for hardware and not software? The hardware approvals include functionality tests that ensure that the product works as intended in any way the user would handle it (even unsuitable use). Would such approvals for commercial software improve the quality of the products, including minimizing the risk of data loss and heightening the security? In other words, would it facilitate or inhibit the creation of good software?"
Or is it both?
Some software goes through rigorous approval and acceptance testing. I'm looking at the software for the space shuttle. It's like civil engineering - due to the huge liabilities inherent in a failure scenario, an incredible amount of effort is put into ensuring that a failure scenario does not happen.
Some software gets cursory testing. I'm looking at my employer. It's like a burger - who cares if you get one pickle slice or two, as long as you get your burger?
And some software is like an analogy that makes no sense, like bridges and burgers. Mmmm, Chief Justice Warren Burger...
Posting anonymously. Hi, boss!
If there were market approvals for software, OSS would be dead in the water.
It would certainly help usability. If you extend the analogy of unsuitable use of hardware to software, what if I click the wrong button or enter an illegal command. This should all be handled by good software.
But if that process ever became standard, it might help quite a bit with security. Throw in some bogus data and see if anyone can read it or write to it illegally.
Ultimately, this will never happen unless users demand it, and refuse to buy a product unless it passes such a test. And I don't know if that will happen.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
Could you clarify exactly what a 'consumer market approval' is? Is it done in house by the company making the product or by a third party institution? Are there generally accepted standards for the process or does each reviewing group have their own procedure?
Could you imagine how much this would slow down the development process? If you had to get *approval* for the release of every new bloody version of a piece of software? (Not to mention patches, auto-updates, etc...) (Also not to mention how much time you'd have to spend simply doing your homework to ensure compliance!)
This has been suggested before, and is a *very bad idea*. It is tolerable for things like drugs and nuclear power where a mistake could injure or kill people. Outside of such high-risk things, this kind of regulation should be avoided like the plague.
Well, first off, the question is misguided -- software development usually does involve consumer testing and feedback at every stage of the process (at least, good software development for a specific user-client; the user never wants what they tell you, nor do you build exactly what they tell you anyway).
More to the point, though, a lot of commercial software would be loads better if it had a more thorough testing process. But this would result in such poor times-to-market that the market would've already been cornered by the piece of crap that was released first and patched in the upgrade.
So yes, this would result in better software, provided you don't mind hamstringing the developers (with tons of new user requests) and the sales staff (when they have a product they can never, ever deliver on time).
Incidentally, sometimes the end-user's ability to use software other than it was exactly intended can be useful, to a sufficiently creative and powerful user... for over-the-counter commercial software anyway...
Freedom isn't free; its price is the well-being of others.
Wouldn't that make it harder for open applications to get in industry? Who would pay for the validation?
Here's what I meant to write:
It would certainly help usability. If you extend the analogy of unsuitable use of hardware to software, what if I click the wrong button or enter an illegal command. This should all be handled by good software.
The problem is that software producers (we can all think of one we hate) are in a rush to make more product and to release new versions. And that rush goes against the idea of quality. In a sense, the software has to be just good enough to get a user's money.
But if that process ever became standard, it might help quite a bit with security. Throw in some bogus data and see if anyone can read it or write to it illegally.
Ultimately, this will never happen unless users demand it, and refuse to buy a product unless it passes such a test. And I don't know if that will happen.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
Although, software can destroy 20 years of business data and bring down the whole company anyway, but it's easier to mirror/backup your data than it is to mirror/backup your house/office.
Having been on both the hardware and software side of the business, the reason the hardware side goes through so many certifications and steps is purely financial. Building the board the first time is not just the same amount of logic but also checks for interference, electrocution, MTBF and usability. All this takes additional time and investment. If you produce a bunch and stuff goes wrong, fixing it is costly but you can also hurt people. Even liability insurance is more expensive because an inert CD just can't do much damage, but a loose wire can kill.
Every step of hardware is carefully vetted because mistakes (and even success) are so expensive. That, in my opinion, was the huge benefit of computers: they can adapt to your needs by loading cheap software.
Not so with software. You can't know what hardware the end user will use. You can't know every little idiosyncrasy of every private network on the planet. You can't cover every edge case. Standardized testing like hardware can be put through is far less meaningful in such an environment.
This is not to say that testing, particularly thorough and thoughtful testing, is not desirable; I just suspect that it takes something other than a cookie cutter approach to test software thoroughly.
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
This will not make software better, only make it harder for free software developers and small software companies. Will slow the development process and add huge expenses. A way for big corporations to control the software market.
You need approval for consumer hardware so that you don't kill people.
Bad software may have driven people to suicide but I don't imagine there is any precedent for changing the rules for software.
You can't (unless it's software that has a real 'life-or-death' aspect) compare the requirements to hardware certification.
Where such certification is required, the software is produced by companies with big bucks to invest and customers who are prepared to pay what it costs to produce certifiably good software.
Before anyone else jumps in; I know 'certifiably good software' may be a pipe dream, no matter what you pay for it, but that does not dismiss the argument!
It's hard to test software for every possible use of it. Maybe for very specific proprietary software you can test every possible use and scenario, but try testing everything you can possibly do with Windows. Though you could force a company to test the hell out of specific uses of the software, like security, and possibly get certain aspects improved while other less essential areas just slide on by. However, this will never happen, as it would slow down the release and development of new software. Software companies can dump a lot of money into politicians and their campaigns to make sure they don't pass legislation making this kind of review mandatory for software. Look at cigarettes. Their lobbyists have kept a deadly product with no redeeming value on the market, and it's less strictly regulated than meat or milk. Money buys everything, and Bill Gates has a lot of it.
It depends what you mean by "market approvals." If you mean mandatory, FDA / FCC / FTC style neck-stomping (which is what it sounds like you mean), then consider these actual responses from the Council of Wise Men, circa 2039 (they fell through a small time-warp, one of the many features in Gnome 6.2, which came out the previous year).
- "Your window manager isn't friendly enough to people with one hand and colorblindness. Sorry, you'll have to try again before you can legally release it."
- "Your human interface guidelines vary from ours. Sorry, you'll have to make yours conform to ours, or file a request for an initial variance hearing to take place within 90 days; at that juncture, an administrative board will determine whether a variance will be considered, and may at its option propose alternative remedies."
- "Your word processor saves in a format that's different from the Officially Approved Standard v1.39c (revised), and does not save into one of the other previously approved formats. Since it's new, you can't claim grandfathering protection either. Sure, you claim it's a transparent, XML-based, human-parseable format, but rules is rules. Sorry, you'll have to have your software re-evaluated by The Committee."
- "This game features images we think are offensive. You'll have to revise them before this can be released. Protection of children, dontcha know."
Trying to narrow this question to "commercial software" is a difficult task, too: remember, software can be written by people who don't program for a living, open source / Free software can be sold (and is therefore commercial, though distinct from the current conventional closed-source software business), and software not intended as "commercial" (is perl commercial? Not per se, it isn't) is often used in commercial settings.
Do you really want to limit the field of software to those pieces of software which have passed a bureaucratic approval system? Or to programmers who have buckled under and agreed to some imposed vision of software design? A lot of very nice open source software improves primarily by being tested (read "dragged through the mud") while in its raw state. Some of it might even be very useful in early stages, no matter how ugly it is, and since there's no accounting for taste, I would take umbrage at any particular list of requirements that tried to determine in advance how software should act. (Emacs?)
I like the fact that computers are flexible, and there's a robust, heterogeneous environment with lots of languages, security models, development styles and programmers. No system of centralized control *with the force of law* will do anything but weaken this.
On the other hand, there's plenty of room for voluntary, peaceable information sources that do nothing but provide informative ratings, review compliance with currently conventional / acceptable standards, etc. Consumer Reports, Underwriters' Laboratories, Good Housekeeping Seal of Approval. This is also something insurance companies do, and a reason that there's "hacking insurance" as featured on Slashdot a year or two ago. If a business cares to heed, or to act on, any of these sources' advice, they're free to and it may benefit them in the long run. I certainly don't want products to require the Good Housekeeping Seal, though.
[heart on sleeve]
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
...unless that software controls the confinement ring in your homemade fusion reactor....
Winged Power Photography
Indeed:
Your question is the kind of question that:
A) Children in their wide-eyed innocence would ask, or
B) Blooming genius would ask out of fortitude and courage and be shunned
I beg you to take the compliment that A) and B) bestow upon you.
To answer you;
your simple question begs a complex answer,...here goes,...
Hardware is a physical commodity whose use is subject to the laws of thermodynamics, the Law of Gravity, the restrictions of the Laws of Entropy and chaotic disorder, laws of motion, etc. In truth, anything that is itself physical matter or electromagnetic energy may interact with this physical object and derange it into a source of physical harm to another physical object/person.
Hardware can touch you and is seen, felt, touched, etc., etc., etc...
Software can -CAUSE- physical harm, through function or malfunction, through placement or misplacement/displacement etc., etc., but is not the thing that, you guessed it, made actual contact.
Accident investigation can be expensive, yes? Yes!
But imagine the expense of PROVING that software was intended, or intentionally recreated or created, copied or reverse engineered to introduce fault that led to harm or catastrophic event. Multiply this expense at the end and beginning,..huh?
At the creation of said device and at its discovery at the scene of a mishap it must then be examined for possible even probable fault against a model that should predict said apparent failure EVEN THOUGH said model cannot completely emulate all possible causes of fault/failure. ( a hackers-black hat- code as opposed to a hackers - white hats- code) Each has their own style and methods to achieve a particular end. Modern software construction is not so strictly controlled/modelled that there is only ONE WAY, one predictable and inescapable way to make a function in cyber reality / software development - see what I mean?!? The ability to check software would require software codes of conduct WAY PAST Posix or any present idea of standards or conformity.
To prove something or test something we must have limits on what that 'something' can do or be even if it can do or be a lot of things,...software does not have that and proprietary software makers will spend megatons of money to make sure such standards NEVER come about until they (one company) own the entire theater of software development. Example: Microsoft helped create the POSIX standard but their own software is not POSIX compliant,..sheeesh!
Ideologically speaking, it sounds like a very good plan. My problem with it is more political. Who comes up with these standards and polices them? Microsoft? The government? It's all pretty subjective and I could see a lot of smaller projects (small companies, many open source software projects, etc) get crushed because of a large organization's interests. I'm scared to see who gets what control in enforcing Microsoft's "trusted computing." But that's a bit off topic...
The best model we can probably hope for is:
1) Have a well known peer review system where potential users of the software can see the advantages and disadvantages. I'd be happy even with a more centralized repository of professional reviewers.
2) Some maintenance and policing mechanisms so that the review system doesn't become flooded with disinformation
3) A software movement where more software (especially Windows-based proprietary software) is designed using already existing and well tested software components and frameworks that can be scrutinized individually.
So what you're saying is that you've never used a piece of software (widget) that interferes with another piece of software (widget). I guess you've also never used a piece of software that doesn't fail gracefully and instead loses data. Both non-interference and graceful degradation are just as important to software as hardware. I really hope you're not a software engineer, although you probably are.
Ahhhh, but....
Last week I wrote an app for one of my users in about two hours. Obviously, that did not give me time to add exception handling, or really test it, other than the usual "yes, it gives her data, and it looks right."
She needed it in that amount of time, and I had no choice, other than to say no. So I handed it over with a disclaimer regarding its stability. This week I'll find time to tune that app up, but who knows if she's handed it off to coworkers, etc.... and in that case, another buggy app just hit the masses.
I liked the previous burger analogy. All she needed was a burger, not a bridge.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
With the importance of the Internet and the fragility of some popular software (*cough*Windows *cough*Outlook), you could make an argument that these apply directly to software.
Does your OS interfere with other computers? Well, if a wide open hole allows whole sections of the net to go down, yeah, this widget interferes with other widgets. It may be difficult to burn down the house right now, but just wait until everybody has their home controlled by Windows Longhorn HVAC edition. Or what if a phreaker brings down 9-1-1 through an open firewall port? Credit card fraud and identity theft are common enough and dangerous enough to, possibly, be worth protecting against.
I'm a developer, I don't look forward to government edict making us even less competitive. But I also have to use the darn things, and from that perspective I'm as frustrated as anyone. Now if we could only get a "Software Quality" approval board *not* controlled by Microsoft, Oracle, etc, etc.
Microsoft has a Windows Logo program whereby you pay them to see if your product meets the standards to use the "Designed for Microsoft Windows ####" logos. I bet they can sue you for trademark infringement if you say your product is "Designed for Microsoft Windows XP" without getting their approval first.
In the Windows world, there's always Windows Logo certification.
Of course, it doesn't guarantee that the software is especially useful or bug-free, it simply means that it follows certain user-interface standards (whether those "standards" are ideal is another question, but consistency is important). Of course technically, Office 2000 and Media Player should not have passed the certification, but that's another story...
The point is, as others have pointed out: hardware testing is mostly about safety and interference concerns, none of which really applies in the software world (barring specific examples like medical, aviation, or RF software, which already are required to meet certain criteria).
I don't see any standard hardware certifications that could be applied to software (usability, design, functionality, etc). So I'm not totally sure what the OP is asking about...
Add to that, much of the time these days, hardware comes with software; be it firmware, drivers, or a full-blown OS and hard disk (set-top boxes, etc). And many times a very high-quality piece of hardware comes with a buggy, closed, crash-prone driver that makes the thing more useful as a paper weight. Or maybe I'm just bitter about my Lexmark X125...
If you want to know that a particular hardware device is a good buy, high-quality, easy-to-use... you either test it out yourself, or you find reviews from magazines or other sources you trust. You ask a friend who has one. Or you buy hardware from a company you trust, and avoid companies that you don't.
The above paragraph works equally well if you substitute software in place of hardware. Thus, I don't feel we need any standards-bodies (or much worse, any sort of mandated certification procedure) for software any more than what we already have, in those cases where it's life-critical.
NGWave - Fast Sound Editor for Windows