Why Buggy Software Gets Shipped

astonishedelf writes to mention an article in the Guardian about the hard reality of why buggy code is sold on retail shelves. From the article: "The world's six billion people can be divided into two groups: group one, who know why every good software company ships products with known bugs; and group two, who don't. Those in group 1 tend to forget what life was like before our youthful optimism was spoiled by reality. Sometimes we encounter a person in group two, a new hire on the team or a customer, who is shocked that any software company would ship a product before every last bug is fixed. Every time Microsoft releases a version of Windows, stories are written about how the open bug count is a five-digit number. People in group two find that interesting. But if you are a software developer, you need to get into group one, where I am."

Windows Software Shop :-)

[Whiney+Mac+Fanboy]

Typical Windows Software house:

Vault's backend makes extensive use of features specific to Microsoft SQL Server. Contrary to popular belief, SQL isn't portable.

*shakes head* and then this:

Linux and MacOS users have problems over how end-of-line terminators show up.

Ouch!

Anyway, I do agree with the author for the most part (its all pretty 101 risk assessment stuff). It is inevitable that software will have bugs in it (especially commercial software shipped to a schedule). This is not really news tho'.

What I would like to see is some vendor honesty. How about making a list of known bugs available to your customer prior to purchase? (I know, I know, fairly warning a customer is madness, etc etc).

Re:Windows Software Shop :-)

[packetmon]

How about making a list of known bugs available to your customer prior to purchase?</i> I don't think the Board of Directors on any publicly traded company will allow this. The problem with many traded companies (and I'm using publicly traded companies since MS is mentioned) would be that the company wouldn't likely meet financials. Hence many pouring out shoddy programs. Imagine the trading price of MS if it did ship a list of known bugs alongside their products... I would think consumers would wait for a stable product before buying. Even if they did ship what they deemed a stable product, whose to blame for someone finding a flaw? The programmer who didn't have an insight to think outside the box similar to the hacker (and I use that term in its purest sense) who broke the product? Speaking of MS...

From:  Microsoft Security Response Center <secure@microsoft.com>
To:  "xxxx" <xxxx@hushmail.com>
Cc:  Microsoft Security Response Center <secure@microsoft.com>

Thank you for the update with regards to your findings. We are still
going through the repro stages of the case and there appears to be some
confusion over the concern. Do you happen to have a network trace of the
behavior that I could work with our development teams in reviewing to
ensure that we are looking at the same concern and avoid any possible
confusion on the matter?

Thanks,

Adrian
Microsoft Security Response Center

I've broken MS' MSRPC in a real bad way. There are no ifs ands or buts. I passed the information off to Microsoft instead of passing code to a full disclosure list. I've replicated this over and over, remotely and locally. I know for a fact because of the architecture of networking they will never be able to fix this. So what would you think as a consumer about to purchase a product with a hole that can never be filled.

Re:Windows Software Shop :-)

[Sproggit]

No no no no no no!!!

It is NOT inevitable that software will have bugs in it.
By your reasoning, it is inevitable that bridges have design defects in them, and that at some point (in their usable specified lifetime), will collapse.

This whole fucking "tinkerer" mentality that self important developer assholes have foistered on the rest of mankind, is no different from the self important tinkerer mentality that steam engineers foistered in the 1800's.

Take solace in the fact that the software development world will ultimately fall into the same engineering disciplines as steam and mechanical enginering before it, and whatever mankind pulls out of our asses after it.

Software and any other IT components will ultimately be consumer grade, and the inner mechanics (and bugs) will be a problem for the engineering QA department.

Re:Windows Software Shop :-)

All bridges DO have defects - a weld may be slightly off-center. A beam might be 1/8" wider/longer than it's supposed to be, the cement covering it may be cracking. The point is that we're all human and imperfect, so therefore the things we create are imperfect.

It is the job of the engineer (whether for bridges or software) to make sure that the mistakes that ARE made are not the critical ones - the ones that make the bridge collapse or the software crash.

Until the human race as a whole attains God-hood (whatever your diety, this is unlikely), this is a fact of life.

Re:Windows Software Shop :-)

[Whiney+Mac+Fanboy]

By your reasoning, it is inevitable that bridges have design defects in them, and that at some point (in their usable specified lifetime), will collapse.

I didn't say all software will have major bugs that lead inevitabley to the collapse of the software. Just that all software will have bugs.

All bridges have defects too you know - the suspension cables will be slightly uneven, or some features of the fascade will be unsymetrical. Bridge engineers make damn sure there are no structual problems that will lead to collapse (but even they fail sometimes).

I wish software engineers would be more like bridge engineers as well, but the cost of failure (and the cost of fixing in the event of a failure) are so different between bridges & software that its not likely to change.

Re:Windows Software Shop :-)

[Loki_1929]

"How about making a list of known bugs available to your customer prior to purchase?"

There are several reasons not to do this. Not the least of which is simply that most customers don't want to know what's going on inside the application. They want to click "Button A" and have "Box X" pop up and start flashing - or whatever. They don't know that 300 lines of code went into making that happen and they're fine with not knowing that. They certainly don't want to be forced to actually understand what each of those 300 lines of code are doing. Try to explain it to them and watch their eyes glaze over in a hurry. You can try to simplify the explanation for them, but it'll never be enough because they can't grasp the problem without understanding what goes in to making it work; a necessity in understanding why it doesn't.

The point is that when you get into listing bugs, you have a number of caveats. First of all, in their eyes, you're telling them that the application you're selling them is broken. Sure, those bugs may never actually affect them. They may even be in parts of the code that aren't even used yet because it's part of a feature not currectly activated. But hey, you're selling them a broken program. Remember the Pentium floating point fiasco Intel had to suffer through? What was wrong with their processor? Nothing that isn't wrong with anything ever manufaturered: minor defects that rarely or never manifest under normal operating conditions. What happened when the news got out about the floating point bug that didn't affect more than a hundreth of a percent of buyers - if that? The 'public' went ballistic about it and Intel was eventually forced to do a recall of CPUs that were perfectly functional. Nevermind the fact that AMD and Intel routinely publish a long (and growing) list of 'errata' for their processors that are chock full of bugs. The moment the public got news of a single errata (which, again, didn't even affect them), they demanded replacement "working" products. Are you, as a company, going to expose yourself to that kind of liability?

Basically, the customer doesn't understand the inner workings of your application, doesn't want to understand the inner workings of your application, and if you try to make them understand anyway, bad things will likely happen to you. People can handle unexpected behaviors (bugs) when they're discovered and a promise is made to make it right (patch, updates, etc). But if/when they get wind that you knew the bug was there, and that there were others? That's a receipe for disaster.

What geeks/coders need to understand is that we make up a vastly small minority of software users. Unless and until a vendor is selling products to, and only to those who are informed, knowledgable, and intelligent about computer code, you will never see a list of known bugs right on the box. If it's there at all, it'll be made as obscure as possible so that your average Joe can't find it. Why? Because average Joe will go nuts regardless of how inconsequential the bug is, or how much it would push back the release of the product to stamp out all the (known) bugs.

Personally, I don't blame developers and vendors one bit for obscuring the known problems. When I run into a bug in something like MySQL or PHP, I can find out about it, whereas slightly-above-average Joe (beginner PHP page creator) would have a heck of a time. I find that to be ideal, as I can find the information I need and Joe's not taking up the vendor/developer's valuable time whining about 10,000 bugs he'll never see in his life.

Re:Windows Software Shop :-)

[TheJediGeek]

While it's true that many things in the world do have defects, that's not really the issue.
That whole article sounds more like "We, in group one, are the cool kids. All the cool kids accept bugs. Why aren't you a cool kid?" It is loaded with the underlying tone of "I'm smarter than you because I accept bugs as normal"

After the condescending beginning, which assumes that every single person in the world has an opinion on software bugs, the loser then goes on to make excuses.

"Bugs are inevitable, so why bother fixing them?"

The idea of fixing bugs is NOT a binary one: Fix all or fix none.
There should be a point where an effort is made to fix as many bugs as possible, or at least the ones that cause major problems. Minor bugs can be acceptable, but the current trend is for show stopper bugs to be left in for whatever reasons.

Then there's the excuse of "fixing a bug may introduce new ones!" TEH NOES!
"It might not work so I won't even try." Seriously, if I had this kind of attitude where I work, I'd be looking for a new job pretty quick.

The entire thing just sounds like a condescending pile of excuses from a lazy, incompetent developer. Maybe he's trying to get a job writing technobabble articles since he probably won't be a developer much longer.

Re:Windows Software Shop :-)

[morgan_greywolf]

Imagine the trading price of MS if it did ship a list of known bugs alongside their products... I would think consumers would wait for a stable product before buying.

Nonsense. Every major open source project has a complete list of bugs for all versions of their product for all to see, usually right on their Web site, which you can read prior to downloading. For instance, if you click on the Release Notes for Firefox, linked to from the front page, you'll see not only a list of known issues in the current production release, but there's a link to their Bugzilla database so that you can read bugs that have recently been filed against it.

If people would really not buy a software product if they knew about all of it's bugs, then why would they download and install any open source applications? Because they don't have pay for them? Just because you don't pay for a piece of software, that doesn't mean it costs the user $0 to install and use.

Re:Windows Software Shop :-)

[colmore]

Reading this made me cringe:

"All the reasons are tied up in one truth: every time you fix a bug, you risk introducing another. Don't we all start out with the belief that software only gets better as we work on it?"

Holy shit! I can't imagine being on a team with that attitude? Do you people write tests? There are dependable ways of insuring that changes don't re-introduce old bugs, and if you can't fix one thing without causing a seemingly unrelated problem, you're working with some pretty smelly code.

There's definitely truth in the statement that the need to use software and the need to eliminate bugs can be at odds with each other once the bugcount is low enough that the product is usable. But... isn't that obvious? How many open source projects out there (without version numbers approaching a known irrational number that is...) can really brag of being bug free?

BUT this article is a good reminder of why I'm glad the boxed-software days are coming to a close. Software should either be written with a client present or by people who intend on using the product themselves. Trying to come up with a featureset for some vague "target market" is a horrbile way to write software. Software is unique because it is both engineering and design at every phase of its creation... and without set feature requirements and feedback, there's really no way to know if what you're making is well engineered or not. Anyway, don't work in a closedsource / many customers environment... it's bad for the brain.

Re:Windows Software Shop :-)

[packetmon]

It does cost zero to install and use. What I was talking about was on a corporate level just so you understand. I don't see IT managers of Fortune 500's or 1000's rushing to replace IE with Firefox do you? Since you want to bring up Firefox (which is what I'm using just so you know), you do know that throughout this year there have been just as many if not more bugs with it then IE. If you also care to notice, Firefox as does most software developers place their bug notices mainly after they've been patched. Not once have I seen any developer of any software place a "Hey before you use this product here are its bugs" note on any site, disclaimer, etc.

Re:Windows Software Shop :-)

[idontgno]

Failure is not an option

According to TFA, in their software shop failure isn't an option there either.

It's standard equipment.

Buh dum ching!

Re:Windows Software Shop :-)

[Keeper]

The idea of fixing bugs is NOT a binary one: Fix all or fix none.

You fail to differentiate between known and unknown bugs. You can't fix a bug you don't know about.

My general rules/laws/axioms about bugs:

Some bugs are worse than others.
Fixing bugs is good.
Fixing bugs may introduce unknown bugs.
Introducing bugs is bad.
There is always at least 1 unknown bug.
Unknown bugs are found over time.
All bugs cannot be found in finite time.
Uknown bugs may be worse than known bugs.

If your goal is to ship with zero bugs, you never ship. If your goal is to fix every known bug before you ship, you risk shipping a product with serious unknown bugs.

Re:Windows Software Shop :-)

[objwiz]

I disagree.

I think the laywers won't allow us to release that information for fear of making lawsuits that much easier.

I work for a commerical software developer (hence unnamed to protect blah blah). Yes we do ship with known defects. Our lawyers look over everything to the nth degree. They look at every screen we developed. They look at every report the program generates. They look at every help link. The list is pretty long.

Yes BoD is about ensuring the company is profitable. But profitable doesnt have to mean shoddy and many companies honesty try to deliver quality products. So I feel its a bit contrived to suggest that the BoD primarily responsible.

If anything releasing bug information would make the company more reputable therefore more profitable because more customers would be interested in dealing with a sincere and honest company (my program managers hold that view anyways).

Re:Windows Software Shop :-)

[Tim+Browse]

I've broken MS' MSRPC in a real bad way. There are no ifs ands or buts. I passed the information off to Microsoft instead of passing code to a full disclosure list. I've replicated this over and over, remotely and locally. I know for a fact because of the architecture of networking they will never be able to fix this.

And yet you can't work a 'preview' button? :)

Re:Windows Software Shop :-)

[Tim+Browse]

My favourite version of this was a comment someone made on here a while back - something like "That bridge you made was great! Can you do us another one, only this time make it work in a universe where electrons have +5 spin..?"

Re:Windows Software Shop :-)

[GeorgeMcBay]

The software and bridges/houses argument is as stupid as it is old. Do you know what the cost of software would be if it had to be as failsafe as you want it to be? You'll be paying several orders of magnitude more than $500 for your copy of Adobe Photoshop if it has to be certified crashproof, and honestly the price just wouldn't be worth it. It isn't that nobody knows how to make nearly defect-free software.. there are companies that specialize in this while writing software for applications where peoples lives are on the line (control system for spacecraft, etc), the problem is that creating software like that is RIDICULOUSLY EXPENSIVE, and there is no silver bullet that will fix that. Are YOU going to pay the costs of all that reliablity? Do YOU want to deal with the stagnation in, say, videocards, due to the fact that every videocard driver has to be 100% crash-free, and the time lag that such engineering would involve?

I don't think you've thought this thing through to the real world economic implications.

Re:Windows Software Shop :-)

[runcible]

> very time you fix a bug, you risk introducing another

Risk. RISK. Riiiiiiiisk.

How can you even take umbrage with that?

Any time you change a code base, you RISK introducing a new bug. You cannot, cannot argue with that.

Re:Windows Software Shop :-)

[syousef]

Holy shit! I can't imagine being on a team with that attitude? Do you people write tests? There are dependable ways of insuring that changes don't re-introduce old bugs, and if you can't fix one thing without causing a seemingly unrelated problem, you're working with some pretty smelly code.

You're new to this aren't you.

If you can find a way to PROOVE that a less than trivial fix hasn't broken something else, you'd be too busy sailing the world in a multi million dollar cruiser to post to /. - the very fact that you don't understand this makes me immediately think of you as a cowboy coder.

If you're working on a word processor or other piece of non-critical software no problem. When billions of dollars or lives are at stake you'll need to mitigate the risk with something other than "if you can't fix one thing without causing a seemingly unrelated problem, you're working with some pretty smelly code". Are you willing to bet your life on your code fix? How about the lives of your loved ones. There's plenty of software in a hospital or on an aircraft that must be that good.

As for tests they can only tackle a very finite number of situations. They're definitely good for finding bugs that have been introduced. They're no use whatsoever for prooving you definitely haven't introduced a new bug.

And lo, there was much rebuking

[linvir]

I disagree with his grouping. The vast majority of the six billion doesn't give a shit about software bugs. They're primarily concerned with their ability to exchange services and products for money and vice versa, and if they do have free time, they don't spend it fretting about XP's bug count.

But if you are a software developer, you need to get into group one, where I am.

Or maybe even better would be for both groups to continue to exist. The Jedi need the Sith, and smartasses who don't worry about bugs need idealistic noobs who find them shocking. This sounds like the case of someone who's managed to become so surrounded by likeminded coworkers that he's completely convinced that his is the One True Way.

And do we really need that much whitespace on a news page? I know about that whole '10 words per line' usability mantra, but it looks fucking ridiculous. Why can't all the other website owners just think exactly like me?

Wow, look at all that rebuking. Do I win Slashdot?
(IAJAFSS (I Am Just Another Fucking Smartass Student))

A separate question

[Southpaw018]

The argument about the enormous bug count in Windows isn't really about every last bug being fixed. The article fails to address a separate question: whether you're allowing the public to do your beta testing for you.

The idea of QC/testing/beta/whatever the heck you want to call it is that you get as many bugs as you can fix while accepting the ones that will remain behind. That's absolutely correct. However, there are companies - like Microsoft - that are notorious for either being sloppy and not getting bugs they should have, or just straight up not caring at all and rushing a product to market that legitimately shouldn't be there.

The argument can even be extended to good coding practices, like worrying about security fron start to finish rather than after you've entered beta (another well known Microsoft flaw, though they're getting better at it). That reduces the number of bugs to begin with, which in turn gives a better product.

Re:A separate question

[Ansonmont]

Not a fanboy of MS, but they certainly haven't rushed Vista out. I'll bet that they do ship it in s pretty buggy state when it does come out, but they have delayed its launch it is becoming like Duke Nukem Forever.

Anyway, yes, most people don't care about software, but you also have to look at what the application is trying to do and what you need it to do.

1) Rules of thumb: The last 50% of a project is spent taking it from 95% to 100% (or really 99% as the case may be...)

2) Is the software used for medical purposes? Financial? Downside to those barfing are HUGE. Or is it a game that is meant as a fun diversion? All of those make a difference in people's tolerance for bugs/undesired effects/undocumented features ;-)

The consumers have spoken with their wallets. So far they have said that low cost up front (PC) is worth more than a more stable, polished platform (Mac). Less true now, thouh, XP isn't that bad. I use PC for work, Mac for home, Linux/Unix rarely.

-A

Member of Group 1.5 Confused

[PrescriptionWarning]

I propose we call a meeting with Groups 3-12 and 15-20 and see if we can get some kind of real analysis of what Groups 1 and 2 are really thinking.

No idea

[Unski]

..why buggy $oftware is $hipped. Can anyone help me with thi$?

Buggy code is sold because it is demanded

[crummyname]

In many cases, the customer *needs* the software now, bugs be damned. If you don't, your company goes under.

Re:Buggy code is sold because it is demanded

[drooling-dog]

I'm surprised I had to read so far down to find this, the real reason. Stuff gets shipped because somebody needs to make their numbers, now. Sometimes the survival of the company is at stake, and sometimes it's just an individual climbing the career ladder.

In a previous life I was in charge of software development for a smallish company whose business was scientific software and systems. To my repeated horror, the CEO and the Sales & Marketing VP would get together and decree - perhaps for reasons that were very compelling to them - that major software packages would be released to customers with no testing whatsoever. Stuff went straight from the compiler to the customer, sometimes even without a cursory walkthrough of functionality. For objecting, we, the software people, were branded as troublemakers and criticized for not being "team players". Once labeled in that way, I would be pretty much ignored any time I had to report that a new product or an update was not ready to ship. Needless to say, I left that company in a hail of bullets.

To this day, I still laugh when I hear people say that Open Source software can never measure up to "commercial standards". Depends on whose commercial standards you're talking about...

Re:Welcome to Group One

[Threni]

> If you are in group two, than I post this for you.

> Theoretically, there is no language that is more or less prone to bugs than any > other language as understood in Turing Completeness. Without delving too much
> into this, it simply states that all languages emulate a Turing machine to some
> degree and therefore should be capable of everything a Turing machine is capable
> of (although I don't think this says anything about time/space efficiency).

If you understood Turing Completeness you'd be in group one.

The Reason: PHBs

[koweja]

99% of the time it's because upper managment either promised the customers features that could not be implemented or gave the programmers too little time and/or resources to finish the job. While not software development, I am having to deal with a similar problem right now. We are moving our website to a new CMS system. So we have to move all of the content from our old pages to the new system using a slow, buggy, web based system. In the beginning we were told by IT that we had until June 5 to complete the move, so we scheduled our time accordingly. Things progressed slowly but in time to meet the deadline. Then Tuesday morning we get a call from the assholes in PR that we have to have everything done by this Friday. We just had our remaining time cut in less than half. There is no way we can get done, so the site will be incomplete. PR gets no blame and we look bad.

Re:The Reason: PHBs

[__aaclcg7560]

Then Tuesday morning we get a call from the assholes in PR that we have to have everything done by this Friday. We just had our remaining time cut in less than half. There is no way we can get done, so the site will be incomplete. PR gets no blame and we look bad.

That's always fun. When I was the lead tester for DBZ: Buu's Fury GBA at Atari, the producer revised the schedule without informing us and I didn't find out until two months after that happened. On top of that, Nintendo insisted that we put in wireless multiplayer capability because the title was coming out the same time as the new wireless adapter was being released. That was a disaster in the making since the wireless API was unproven (even Nintendo had a hard time with it), we didn't get the wireless adapters until a few weeks before we were supposed to code release, and I was planning to leave the company because my boss thought I wasn't working hard enough (I worked 28 days straight before I left, BTW).

I made extensive arrangements to be the fall guy if this blew up after I was gone so my team wouldn't get fired in my absence. Since I was leaving the video game industry, I wasn't concern about my reputation if I had to take the blame. However, everything turned out as I expected. Nintendo rejected the title for wireless multiplayer bugs, the wireless capability was pulled from the US version (the European version shipped with it a month after the US release), and no one on my team was fired. Well, not immediately. Within a year after I was gone, all my team members were picked off one by one even though they were the most experienced people in the department. I guess my boss found out I reported him to HR for an ethical violation.

In my experience, here's the reason

[Weaselmancer]

Managers.

Specifically, managers who don't know enough about the project (whatever it may be) and make unreasonable promises to their superiors about shipping dates. It seems that the way most businesses are set up reward managers who complete projects on time or early, rather than the quality of the product. As a result, managers tend to rush development teams through their tasks and the end result is a buggy release. And a manager with a bonus check.

If software shops could change their focus to creating a better release product but with a flexible time schedule...say for instance, rewarding managers for fewer bug reports and service calls rather than completion dates, you'd have an entirely different picture.

Re:This is why

[PrescriptionWarning]

compiler error: $DIETY does not exist (except in weight-loss applications). Please use $DEITY.

Nature of Competition

[DuSTman31]

Regardless of the nature of the software development team, the nature of competition remains the same.

Stagnation is costly - delaying a product launch drives people to the alternatives (both due to the alternatives updating faster, and due to the lack of progress seen by the outside world).

Of course, buggy software is costly in terms of reputation, as well, so the end question becomes at what point will the delaying of the release cost us more market share then the remaining bugs will.

Unfortunate from a purists eyes, but it's just the way things go.

bugs, so what?

[ComSon0]

We buy buggy cars, houses, and anything else you can think. Nothing with the aim of perfection *ever* gets done.
So what's the big deal?
I understand shipping something like bad tires that will eventually kill people should not be done, but anything that does not cause harm or major finantial distress should just be dealt with during the normal lifetime of a product.
I am an embedded systems developer. We take care of the functionality problems before shipping and work on the corner cases as we move along.
There is no way a group of people, doesn't matter how large, can think on every possible problem that can occur.

Show me one thing that's man made and that's perfect and I will eat my shoes.

-later!

Re:bugs, so what?

[tbone1]

I work for a company that does medical publishing. Our data is used by many medical professionals in highly-stressful, quick-paced environments. If we mess something up, it can kill people.

And if our IT staff had the same intelligence, competence, and vision as our management team, we'd kill over 10,000 people a week.

Re:bugs, so what?

[Al+Dimond]

The Computer Modern fonts (as used in TeX) are perfect! Or, at least, perfect enough that "These fonts are never going to change again". I think the same thing is also true of TeX itself, but I may be wrong. :-P

Real reason

[gowen]

Because, by and large, no one gets killed when commercial software crashes.

In those cases where it does; e.g. medical/aviation software, usually embedded people take the time. If aviation software designers cut the same corners (w.r.t. bugs vs. features) that office software designers do, planes would fall out of the air and people would die. So they write well engineered software, in well engineered, fault tolerant languages (lika Ada). (Yes, yes, Ariane, but thats the exception that proves the rule)

The real reason buggy software is shipped, is because buggy software is accepted by the market, and people will keep buying it, and continue to roll their eyes when it crashes, because they're completely inured to it, and many of them have reached the conclusion that its literally impossible to write robust, stable software.

It's not, but the profit margins are narrow, and no-one seems to mind (or rather they mind, but keep forking over their money anyway). So no-one bothers to.

Face if folks, we're enablers.

Re:Real reason

[blamanj]

In other words, companies get away with shipping buggy software because they can. If customers demanded it, the way manufacturers of airplanes and medical equipment did, the industry would be force to respond.

The problem is, computers are so useful, that customers would (for now) rather put up with bugs than do without. Just as in the early days of the automobile, people would put up with the danger of having the hand-crank break your arm if the car backfired while you started it. Cars were new and had big advantages over horses and mules. Nowadays, however, if you tried to sell a car that was likely to break your arm (or even required hand cranking) you'd go out of business in a heartbeat.

Face it, computers are still in their Model-T era.

Re:What a load of crap

[Mindwarp]

How very black and white of you. So the large Investment Bank shouldn't ever put its new trading system in place, which has the potential to make them hundreds of millions of dollars, because of a couple of small, esoteric display bugs in the GUI?

The real world is all about risk/benefit analysis. The only places that ship guaranteed bug-free code are those where human life is directly affected by the output of that code. For anything other than trivially simple systems the cost/benefit analysis will rule out formal code proof in anything but the most necessary of circumstances.

Re:Welcome to Group One

[greg_barton]

Type in a sentence you're thinking about. Highlight part of it and bold it. Highlight a different part and hit escape seven times.

ON, I did that. Where's my damn easter egg?

Re:Welcome to Group One

[jizmonkey]

The article was about why known bugs ("thousands of bugs") aren't fixed before ship, not why all bugs aren't found.

because we want it NOW!

[LWATCDR]

Look at Vista. Everyone is complaining about it not shipping on time. I have yet to hear anyone say. It is a good thing that Microsoft is fixing all those bugs.
Product ships late because of bug fixes. Why is it taking so long.
Product ships on time with bugs. Why didn't you fix the bugs before shipping.
You just can't win

Re:Welcome to Group One

[exp(pi*sqrt(163))]

Theoretically, there is no language that is more or less prone to bugs than any other language as understood in Turing Completeness

Frankly, this is complete garbage. Try writing an application in the Turing complete language Brainfuck or 6502 assembler and compare that with writing in the Turing complete language Haskell. Turing completeness is completely irrelevant and you're simply quoting CS 101 to give your comments an air of authority.

Re: Vendor honesty

[Medievalist]

What I would like to see is some vendor honesty. How about making a list of known bugs available to your customer prior to purchase?

Good idea! You go first.

My experience

[bbroerman]

I work for a large software shop. In my experience it boils down to:

1. Accellerated schedules created by management / client without development buy-in.
2. Management cutting development phases in order to get things done faster to meet dates from #1. (i.e. design reviews, code reviews, phases of testing, etc)
3. Shipping portions of the development off to India teams (in order to save money) who are under trained, and can't speak the same language as the other developers, and who won't ask questions when they don't understand.
4. Giving development / design tasks to people with no experience in the subsystem that they are being assigned to, because management believes that one developer is as good as any other... we're just bodies...
5. Churn in employees... Better / more experienced people leaving for better jobs, and noobs coming in to replace them. After a while, you have too many noobs, and not enough older, more experienced folks.
6. Colleges not training people on common coding errors, proper design principles, good design patterns, proper testing and documentation strategies, etc.
7. The old addage: Too many cooks spoil the broth. Some times, there are too many senior developers, architects, etc. workign on a design, an they all have their favorite ways of doing things. Many times, even within a single subsystem, one senior person will move to a new project and a new one will come in, and want to change the process / design to fit his style... and usually at the last minute...

Now, as to why bugs don't get quashed quickly:

1. Lack of enough informatin from the person experiencing the problem to allow development to recreate the problem.
2. High complexity of the systems involved.
3. Bad library design / separation of concerns / encapsulation, etc. means that a small bug in some unrelated libarary can cause problems where you never expected them.
4. Developers who aren't experienced enough with the code / subsystem to be able to find said small bugs. (i.e. see number 4 and 5 from last list).
5. Developers who aren't given training and experience in the proper use of debuggers, memory checkers, etc. (how many college hires out there really know how to use dbx to track down a bad pointer in the free list?)
6. Too small a staff, too much to do.

I see each of these every day!

Re:My experience

[subnomine]

I would agree on all points, and add one more group of causes for bugs: morons and crack-heads. Ok, maybe that's obvious...but not to management. I worked for a company whose tiger-team of contract labor consisted of: a drug abuser, a dead beat dad, an imbecile, and one really nice guy of no special education. Of the four, the crack-head hoodwinked management into thinking he was crack-coder, a virtuoso. He used 8 lines of code to copy a (double) into a (long) using sscanf() (instead of just using the cast). No, I'm not one of the four, nor management! :)

Re:My experience

[Tim+Browse]

most don't speak English very well, if at all, they don't ask questions when they don't understand (they just say "I'll get that done", and then either don't do it, or do it wrong), and they don't have experience with our system, and yet Management wants them to do x percentage of designs and development work...

Hang on...I'm just trying to spot the difference between them and about half the programmers I've ever worked with...

Re:MS Word Easter Egg

[cerberusss]

Open up Microsoft Word, type "=rand()" without the quotes and hit enter.

You bastard! When I typed this, my PC froze! But since it's also a server, it rebooted itself, mailed a Nigerian scammer my home address, started a DDOS on the local authorities and blew itself up, taking half of the data center along with it. When I came home, the Nigerian scammer had raped the dog and the cable guy from the ADSL company who had showed up at my house. When I told my wife, she replied that she didn't care since the left me this morning and took the house along.

So thanks to your FUCKING easter egg, I am divorced, broken, homeless and worst of all, WITHOUT AN INTERNET CONNECTION.

Thanks for nothing.

How about Group 3?

[dpbsmith]

Group 3 consists of people who acknowledge that fixing all bugs is impossible, and that judgement is necessary in deciding which bugs need to be fixed... but nevertheless contend that within the personal computer software culture in the United States, these judgements consistently err in the direction of shipping software with too many bugs.

The personal computer software culture in the United States is much like that of automakers in the United States circa the sixties, who insisted that the low quality of U. S. autos was the result of the best and wisest judgement... and that public toleration of low quality, as reflected in good sales and profits, validated their judgement.

Good sales and high profits, that is, until overseas competitors began to ship high-quality cars to the U. S.

Yeah how about those examples?

[Mateo_LeFou]

"Cost: Very high. Vault's backend makes extensive use of features specific to Microsoft SQL Server"

Read: we got embraced and extended all to hell. What do to? Blame SQL! That's right, the language itself! It "isn't portable". Also blame users! "People who refuse to use SQL Server can't use Vault."

And here's some typical MS morality for you: "I'd probably even patent this algorithm even though, in principle, I believe software patents are fundamentally evil."

I don't expect bug-free software of any real complexity to be shipped often. But the examples are both interoperability problems, and not actual bugs. Looks like an excuse to marginalize the non-windows crowd. "...only affects users on non-Windows platforms, a rather small percentage of our user base."

The numbers are too big

[truthsearch]

It took a leaked Microsoft memo to find out Windows 2000 shipped with 65,000 bugs. Even the author of the memo wrote, ""How many of you would spend $500 on a piece of software with over 63,000 potential known defects?"

The problem is with a number that large, no matter how small the proportion is to code size, the backlash would be huge. No potential customer could hear that number and then actually want to buy a copy. I believe they should disclose as much information as possible. But from their perspective no amount of marketing could make up for the negative impact of disclosure.

Foolishness

[daVinci1980]

That's foolish. There are bugs in every project of every size. Including bridges. And skyscrapers. Remember the Tacoma Narrows Bridge?

Normally, those bugs have low Severity or Frequency (or both). Sometimes they have catastrophic severity.

Did you know that the twin towers were built to withstand a direct impact from a 707?

Bugs are a fact of life. They follow from the mantra 'nothing is perfect.'

Re:Foolishness

[honkycat]

It was a "bug" in the sense that the design specification was insufficient. After the bombing, it was determined that they were sufficiently engineered to withstand expected stresses. The stresses they encountered were greater and they collapsed.

This is directly analogous to the discussion of bug severity in the article. The engineers decided that the severity / frequency of risk coupled with the cost of further upgrades did not warrant the improvements. Either they underestimated the severity/frequency and should have done further upgrades or they made the right call and we just have to live with the fact that we can't fix every "bug" in every design. If you don't like to think of it as a "bug," think of it as a shortcoming or limitation.

I'm sorry for your loss, but there are still lessons in engineering that can come from it. It does no service to the memories of those lost to ignore those lessons. That this event was caused by people with ill intent rather than natural randomness is utterly irrelevant. The fact is that every system has limits beyond which it will fail.

Gears of War

[Unkynd]

Did anyone see the MTV special about the new XBox 360 game Gears of War? At the end of it, Bill Gates walks up to the Lead Developer (atleast i believe he was the lead), and basically says "So, you are gonna have this ready by August, Right?"... The developer reluctantly agrees that it will be ready by August. Bill Gates responds "Great, we are counting on you." Talk about pressure to get a product out. Can you say buggy release?

Not all companies release software with KNOWN bugs

[Richard+Steiner]

When I worked at then Unisys Airline Center in the early 1990's, the defect count for the product we were working on (USAS*CGO, an air cargo airwaybill processing application) had to be down in the single digits before a new version of the product was released, and we delayed the release of USAS*CGO 11R2 for several weeks until that goal was accomplished.

Customers were also made aware of the outstanding issues, but in our case all customers also had the source code to the application (mainframe software in the airline industry worked a little but differently) so the relationship was a little closer than the typical developer/user relationship for shrinkwrapped software.

Re:I Thought It Was Relevant

[colmore]

No dude, you're wrong. I suppose you can believe that with sufficient abstraction, you're right, but you're not. All that formal systems theory and Turing business is great talking about abstract systems running abstract algorithms, but such discussions have zero to say about anything having to do with HUMAN error, which is what we're talking about here.

I've probably spent about equal time writing C and writing in higher level languages, and I can promise that I make fewer errors in higher level languages, doing equal tasks. I think anyone with a lot of code under their belts can make similar statements. The closer to the machine a language makes you work, the harder it is to keep higher level details in the back of your head. In a high-level language, you're much less likely to make a low-level error (and any you make will almost certainly be caught by a warnings mode on the compiler, and this leaves you to keep more of your neurons working on, for instance, keeping your database and its wrapper classes working together correctly -- a task that is, perhaps, a simple afternoon's work in Python, Perl, Ruby etc. two days in C# or Java, and a week of hair-pulling in C... and well... I doubt such a thing has ever been done in assembler.

Anyway, drop the semantic B.S. this is a debate about practicalities.

Re:I Thought It Was Relevant

[aramael]

I thought it to be completely relevant in order to dismiss people complaining that one language is more error prone than another.

Why do you dismiss a complaint which speaks to the very heart of the problem? A large class of bugs simply would not exist were a different language used. This is not pie in the sky stuff; it's a real phenomenon.

If one language is less error-prone than another, then an application written in that language will have less bugs.

If an error-prone language is being used to write software, then this surely has to be a reason why buggy software gets shipped. Why are you dismissing people who complain about error-prone languages?

It's called Software Engineering for a reason

[gillbates]

One thing which immediately struck me was that the author seems unaware of a key software engineering principle: Reducing design complexity reduces the number and severity of bugs. By now, we all know that there are tradeoffs between complexity, time, and features. However, all other things being equal, some people and organizations consistently produce better software than others. Consider, for example, Linux and Windows. The key reason Linux is more stable and more reliable than Windows is that the process which produced Linux is inherently better at catching and correcting flaws than the one used to produce Windows. Anyone who has ever had to commit a patch to the kernel team knows that design changes are thoroughly vetted before being accepted into the source tree.

Even I have completed some rather large projects without a producing a single bug. It wasn't a matter of coding skill, but rather, that I designed the software such that:

• It was broken into modules with clean interfaces, so that each module could be independently tested and verified.
• It was designed such that a bug in implementation would be apparent immediately (i.e. - it would crash).
• It was designed to accommodate the inevitable change in requirements.

Even very complex software can be written virtually bug free if good software engineering principles are followed. Something as simple as adhering to the Unix design principles can drastically reduce the number of bugs in a shipping application.

Generally speaking, the old adage about "failing to plan is planning to fail" holds true with software as well. The core idea behind software engineering is that quality is improved not by doing more testing, but rather by improving the process by which software is written. Consider the following two, widely used approaches to software:

1. Define the requirements.
2. Design the software as a large, monolithic application with numerous interdependencies and no clean interfaces.
3. (RE)Write the software.
4. Test for bugs.
5. If bug found, goto step 3.
6. Marketing promises something engineering can't deliver. Requirements change; goto step 1.
7. Customer complains that feature X isn't implemented. Requirements change; goto step 1.
8. Marketing adds features to product brochure. Requirements change; goto step 1.

1. Define the requirements.
2. Partition the requirements into easily tested modules separated by clean interfaces, anticipating the need to add future functionality at a later time.
3. Design each module.
4. Write the module(s).
5. Test the module. Bug found? goto step 4.
6. Marketing promises something engineering can't deliver. Requirements change; goto step 3.
7. Customer complains that feature X isn't implemented. Requirements change; goto step 3.
8. Marketing adds features to product brochure. Requirements change; goto step 3.

With the second model, changing requirements do not require a complete rewrite or complicated analysis of the entire system. It is a flexible model. The key problems is that it is a hard sell - the design requirements phase takes more time, but it ultimately provides the flexibility that management and marketing require.

One of these models addresses the fact that requirements frequently change; the other does not. One of these models takes into account the fact that complexity is hard for a single person to manage, and one does not. One model limits the amount of damage that a single, bad coder can inflict, and one does not.

Yes, we may not fix every bug, but we can at least use sound design processes to minimize the impact of bugs. BTW, the fact that Source Gear can't interoperate with other databases is not merely a bug, but a design flaw. Had it been properly designed, using a

Re:MS Word Easter Egg

[hobbesx]

Think of it this way:
At least that Nigerian scammer doesn't have your address anymore...

Turing machines

[DragonWriter]

The theoretical limitations of Turing machines might affect the ability to detect bugs (then again, the halting problem -- one of the most common "limitations" referred to and the one brought up repeatedly in this thread -- is only intractable for a universal Turing machine; for real machines with finite memory, which, unfortunately, real comptuers tend to be, halting is decidable, so that particular limitation is no excuse for software bugs on real machines), but the practical difficulty of establishing correctness are substantial, though.

And those practical difficulties are, as I understand things, affected significantly by language features, which is why some languages (like Oz) are designed with ease of reasoning about code as a priority.

(And, of course, a major practical limitation of proving correctness is that proving code is correct doesn't help if the environment it runs on isn't also proven.)

What you Want vs Ask For; and hopes for the future

[martyb]

This represents the UNCHANGING blue-print for the software. The customers would get exactly what they wanted, and you would produce a solid software product. (emphasis added)

I share your vision of hope for the future. But I would first like to digress for a moment on your statement before fleshing out how I DO agree with you, too. (BTW it is currently 4 AM so I apologize if this rambles a bit. I've tried to go back and edit it to make it clearer, but I seem to keep making mistakes. That in itself seems apropos to this discussion. <grin>)

In my experience, it's more like: the customers get what they asked for and then find out they did NOT get what they WANTED. The problem is that the customers do not understand software, the environment the software runs in (hardware, political, and legal), what is possible, and what has never been done before. It's more often the case that "they will know it when they see it, but they can't really tell you what THAT is, exactly, before hand." Further, because they do not know what is and is not possible, they don't understand the ramifications of their choices. Lastly, there is a HUGE difference between research and development. It's one thing to code a one-off of something you've done many times before; it's quite another to do something completely new, and get it right the first time. As more and more people become computer literate, and gain first-hand experience on using software, I am cautiously optimistic that this disconnect will diminish over time.

Strive to UNDERSTAND your problem,
Don't try to SOLVE it.
A fully stated problem embodies its solution. D.T. RossSofTech;November 1978

Helmets - As an example, I remember watching some old footage and was amazed to see that professional hockey players did not wear helmets. Now it sure likes ALL players wear them. Why? We learned the added inconveniece and expense was worth it. I've worked on development projects where there was no allowance (i.e. time and money) set aside for anything but the barest amount of testing. Now I am increasingly seeing that built into development schedules, as a matter of course. Granted, in some cases this testing would be analagous to a hockey player wearing only a LEATHER helmet (instead of today's high-impact plastic) but it shows progress and gives me hope for the future. I welcome the day when testing and quality assurance are an integral part of EVERY development effort instead of a rare luxury. The benefit is that libraries of well-documented and thoroughly-tested code will become increasingly available. AND the methodology to USE them PROPERLY, (i.e. SAFELY!)

It's thanks to developers' incessant optimism, I believe, that we have our current problems, and also the seeds for the solution. Please, don't get me wrong on this one. IIRC, it was Tesla who said that "If I had known it was impossible, I wouldn't have done it." We create doftware to do things which have NEVER been done before, ever. Even in the face of statements like: "That'll NEVER work!". The response? "Oh yeah? Hmmmmm. Wait a minute! If I, hmmm, and then... AHA! I think that just might work!" And on nothing more than a hunch, a hope, and a blind ignorance of just how many hours of debugging it will entail, we regularly go off and do something absolutely incredible. I have gained much inspiration from a quote by Mark Twain:

To be the FIRST - that is the idea. To do something, say something, see something, before ANYBODY else - these are the things that confer a pleasure compared with which other pleasures are tame and commonplace, other ecstasies cheap and trivial.

In tandem with this one by Thomas A. Edison:

Genius is one percent inspiration and ninety-nine percent perspiration.

It's that thrill which drives so much inspiration and pers