Is Off-Shoring a National Security Threat?
An anonymous reader writes "Should the U.S. government hold developers more responsible for the quality of their code? One top cyber security analyst says more regulations would be a mistake. 'Any attempt to regulate software quality and security simply drives the software industry off-shore for good,' he says. 'Similarly, requiring trusted on-shore production ensures two things: (1) falling behind world progress as we aren't the only smart people and we are a minority, and (2) costs rise in a way that makes on-shore-mandated software cost-uncompetitive on the world market.'"
It's fine. As long as there are enough smart people here we can deal with it. If we can get foreigners to do our dirty work for us, then we can focus on the important stuff. We don't need the monopoly on smart people, just enough to keep up.
Is 1563649 a prime number?
We should regulate off-shore produced code and push jobs back to the U.S. the same way we should apply tariffs to products made in China.
Outsourcing the CIA to China isn't a go?
A feeling of having made the same mistake before: Deja Foobar
Of course it is.
--
Of course there is nothing positive that government can do to fix it by any more regulations, laws or government spending and offices. What it can do is what it should do and what it won't do, because the last time it did something like that was 1921, and cutting 70% of itself is sort of like committing harakiri and admitting that gov't has only one role in economy - which is destruction. They won't fire themselves..... all those protests at Wall Street, they should really try and figure out what the real problem is and go protest at their closest Federal reserve banks.
You can't handle the truth.
So we should keep building core code on the backs of underpaid, overworked Indians who don't give a shit if their code is secure.
There is a critical outsourcing limit that we keep hitting where the actual people doing the work just don't care.
Why would off-shoring increase the risk? It would perhaps be of importance if the risk is related to the secrecy around the development. But if you make your code safe by secrecy, then it is not safe anyway, whether you develop it on-shore or anywhere else in the world. You should always assume that secrets are leaked... Always.
and sometimes it ends up costing more due to delays, poor code, coding to spec only and so on.
also with outsourcing they just get the job done and move on, making you find someone to fix the code.
There are software patents in US of A. Inevitably any regulation you put forth for ensuring quality of code in software will be hampered by privately owned patents taken related to whatever practice/format you were requiring. You can't talk about any kind of regulation for quality of anything or good practices in such an environment.
Read radical news here
On the other hand, serious attention to regulating software design and deployment might eventually reduce the need for security analysts...
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
The real question is: do the mega corporations care?
People aren't willing to pay extra for code that's actually secure so we can't pass along our costs, and you can kiss our ass if you think we're taking a pay cut just because our software killed a few hundred people.
First, we already have a market framework that works - people don't buy or use the crappiest code when given a choice.
Second, you know that "disclaim all warranties" bit? If you paid for the product, the vendor cannot disclaim warranties - so you have more incentive to deal with someone local so you can sue their *** off a lot easier. Given enough lawsuits, all bugs are shallow.
Third - the government is unable to ensure the quality of the code it already buys - how is it going to do that for everyone?
The whole concept is dumb, the article is just troll bait - which explains why it was posted on Troll Tuesday [tt]
It is not about secrecy it is about quality.
The VP at SAIC is saying that if the government demands that the software they purchase actually meets some minimum standard of quality then everyone will throw up their hands and quit. Which he feels will cause more software to be handed off to overseas developers who will do even a worse job than has already been done.
This smells very much like GM & Ford complaining that new fuel standards will be a technical impossibility to reach just moments before one of their competitors rolls out models to the showroom floor that make the grade.
Enforcing high quality secure software written in the U.S. would be bad for the U.S. Quality and security have always been bad for a company, e.g. DEC and SUN. It stands to reason it would be bad for the U.S.
Having to work for a living is the root of all evil.
"...costs rise in a way that makes on-shore-mandated software cost-uncompetitive on the world market.'" Is it just me, or does that not really matter when talking about code created for the gov't, especially code that has a significant security impact? There are tons of places less important than this where the budget can be cut. As far as the US developers falling behind world progress, we can do what Robin Williams has always done and steal the good stuff.
-Note, I live in the USA, I get that you might not. Ignore the "we" in those cases.
Off-shoring becomes a bit of a problem if you decide you want to fight a war with one of the countries you offshore to.
For example, if we would start a war with India, one of the first things that would happen is the loss of all communication with that country. How many businesses would fail since they wouldn't be able to replace that infrastructure quickly?
How about if we go to war with China? Can we produce all of the parts we currently use in our weapons systems here, quickly?
Yes, in both examples, the USA would be able to eventually produce everything it might need, but it would take years to regain the infrastructure that currently isn't located here.
Where things get really complex is when you consider the off-shoring of natural resources, such as rare metals or oil. If the USA pissed everyone off, it wouldn't have enough resources to maintain current standards of living & fight a war, even with all of the imaginary money it can print.
All of the above could be seen as a positive, though. Maybe if the idea of killing others isn't enough to stop war, the cold facts of logistical interdependence might.
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.
ITAR is perhaps one of the biggest hidden costs in domestic software development. Investments in s/w products that cannot realize the maximum ROI due to market restrictions force quite a bit of development overseas. If my subsidiary in India can sell my app or service anywhere in the world, but I can't do so with a domestic version, guess where I'll send the work?
It's like when Obama was elected and all the gun nuts got paranoid about possible forthcoming regulations. Everyone ran out and stocked up on guns and ammo. Mention national security and software in the same article and more development work will get pushed overseas in a panic.
Have gnu, will travel.
It's a threat that will eventually bring down every company that does it. It is a cheat, a dodge used to avoid paying market rate for wages while still depending on the market you are taking the jobs away from to remain strong enough to buy your product (which is likely too expensive to sell in the off shore market where you are underpaying for labor).
Ergo: Every company that uses offshoring depends on EVERYONE ELSE to not do the same so that there is still a market for their product. Eventually everyone will offshore in order to not get undercut in price, to the point where Americans no longer make a wage sufficient to keep the economy afloat so that there is sufficient money in the economy to allow the purchase of the offshored product.
In other words, it's ultimately a self-destructive strategy that will end in dragging down first world markets to third world economic levels. We may already be past that critical point, looking at the perpetual recession we are in.
Corporatism != Free Market
A security firm is saying regulations requiring code be secure would be bad? I'd say that too if it was my entire company's business.
"...whenever any Form of Government becomes destructive...it is the Right of the People to alter or to abolish it..."
And not only "national security" (never understood that particular US fetish), but a threat to data and software security in any environment. But so is outsourcing in the first place. Off-Shoring just makes the connection between customer and service-provider even more remote. The more remote this connection is, the less loyalty and less perception (and often reality) of the risk of repercussions. Add a cultural gap to make matters worse. And an often high fluctuation.
Incidentally, from what I have seen, Outsourcing/Off-Shoring is often pretty expensive. I have seen projects where 100 developers in India did a project that could have been done with 4-6 really competent domestic people. Not that I assume the 100 developers were on this full-time, I assume just a really bad development model, where everybody does a tiny bit of coding on his/her layer. Consequentially, 90% of the code was unwrapping and re-wrapping of parameters. But for any kind of security critical problem, you can do background-checks on the 4-6 developers. You may even know some of them personally and you can make sure they are happy with the conditions they are working under and grievances are addressed promptly. That is the way to get loyalty. Of course, this is impossible for the 100 anonymous Indian developers.
In addition, finding, e.g., back-doors in code is typically significantly more expensive than a re-implementation with trusted personnel.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Your country as a whole will have a heavier emphasis on foreign policy which can lead to bad situations like China or any other country getting into a war, which inevitably makes their problems ours.
So then we have a bunch of smart people trying to manage something we don't have and our economy tanks until we can find someone who can sustain our demand.
Pros/Cons with either situation, but that's politics
Offshoring is a National Security threat.
There, fixed that for you.
The US Patent system will already drive companies off shore for good.
I'll see your senator, and I'll raise you two judges.
If it is used in the US, a US diplomatic site (which is technically US soil), or a US military base (also technically US soil), mandate software quality. No matter where it is made. The US is such a large market it would force other countries to do this.
This next paragraph sort of expands on the Subratik's post.
And has anyone considered that competing with countries with cheap labor and resources, e.g. China, is a recipe for disaster for the US? There are two approaches, go cheap like China because you can or compete on quality like the Germans and the Japanese who do not have cheap resources and can never compete strictly on price. "Made in Germany" and "Made in Japan" have become synonymous with high quality engineering and manufacturing. If the US were to produce very high quality software it would be able to compete quite well. How to get there is a tough question, but the right question must first be asked.
putting the 'B' in LGBTQ+
We don't hold congress accountable, why should we hold anyone?
Well, it seems that a lot of corporate managers have bought into the notion that software inherently sucks. But it doesn't have to be that way. What if the US were to establish itself as the place to go for -quality software-, software that worked and that US companies stood behind? There are probably many comparisons with other industries; the auto industry comes to mind with German and Swedish cars recognized for higher quality engineering at a higher price. (That's not to denigrate the substantial quality that comes from either Japanese or Korean automakers!)
How many people have ever delivered a software product with a genuine warranty, "Find a bug and it will be fixed for free." (see http://212.113.201.96/services/software/approach.asp for an example.)
One of my kids is a lawyer specialising in IT cases, so this is cutting off nose to spite face time...but you cannot sue people for doing bad work without an agreed concept of what constitutes good work. Some very successful parts of the world (Switzerland, Germany, Northern Italy) have traditionally relied on the concept of overseeing work by properly educated, trained and qualified people. I personally think it is better to pay them than to rely on paying lawyers.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
During the banking crisis, people in the US and the UK heard this a lot about the financial sector -- if you regulate them too much, they'll just move somewhere without regulations. I think there's some truth to that, but I can't imagine every company loves the idea of operating in a completely unregulated environment.
One of the things I'm all for is professionalism in the IT world. Computers have been around for a long time, and now they're 100% vital to people's daily lives. It's time to start thinking about a couple of things:
- Separating the design and deployment portions of the IT landscape
- Making the design part a real branch of the engineering profession, with a set of educational standards
- Making the deployment part a skilled trade, with the necessary apprenticeships and career progression to attract new hires
Having a professional body would allow us to stand up to employers who demand that the schedule be crunched once again to meet an arbitrary date. No one tells a licensed PE who is liable for work they sign off on that they just lost a week of design time because someone said so...PEs are aware that they could lose their license or be sued out of existence. Currently, software isn't considered infrastructure, and so projects aren't run like bridge construction...they're arbitrary, and not grounded in reality.
The problem is that the field of IT is very broad. You have systems guys like me, network guys, software developers, deployment experts, hardware engineers -- it's all over the map. One thing I don't like about the current state of our profession is a lack of training standards. We leave a lot of training up to vendors like Microsoft, Cisco, Oracle, IBM, etc. who have a vested interest in selling product and training a generation of newbies to use their technology. You also have a lot of independent IT people who have no desire to associate with a larger body of professionals, and wouldn't want the responsibility that professional status gives them. Even with the liability, I would be happy to be the equivalent of a PE because (a) I do good work, and (b) I'm well aware of what I don't know, and ask other professionals for help when needed. Other people in our field want nothing to do with this...they like the idea of being a cowboy coder or cowboy sysadmin and flying by the seat of their pants. Professionalism would also mean slowing down, realizing what works in terms of systems design, not trying to reinvent things every 6 months, etc. The laws of physics and properties of fluid dynamics don't change much -- techniques are introduced gradually in other branches of engineering. In our world, it's "new programming language", "new design pattern", "new OS", "new hardware design" every few years, and often it's just a rehash of what's come before.
The other problem, and the one that this article addresses, is that other countries are probably not willing to commit to playing by the same rules if we adopted them. In fact, there would be a huge uptick in business at "Joe's Code Shack" because they would promise unreasonably short turnaround times and just throw labor at the problem. It's not really a national security issue -- the root cause is that no one is willing to pay for proper engineering work and they just want things faster and faster for less money.
I think that a lot of specialized industries are starting to figure out what they can offshore and what just doesn't work when it comes back. I do systems integration work, and I have seen first-hand the disasters that come back from the "code monkeys" when there are no specs and bad oversight. It's not a cost savings if you have to hire a US contractor at 4x the rate of an FTE to wade through the mess and make it maintainable. One problem is that a lot of industries see IT as "grunt work" coding that people don't necessarily notice when it's done poorly. Anyone working for a large multinational who offshores development is probably well versed in things like internal web applications that crash
No, there shouldn't be any requirements for private businesses....let them do as best as they can in the market.
To encourage jobs IN the US, however, I'd say the Feds could lower taxes to corporations, for every documented US citizen they hire to give incentive and make it easier to hire US citizens.
However, for Federal contracts, ESPECIALLY those coding for DoD, NASA, etc...they should be mandated to use ONLY US citizens...which they generally do anyway since most of those jobs require some level of security clearance, and you pretty much gotta be a US citizen to get one.
I don't see any problem at all, with jobs like this that are funded with US taxpayer money, to be mandated to go ONLY to US citizens. Both for fiscal reasons, as well as for security ones.
But for the private sector...no, don't legislate or regulate it for US jobs...but give highly fiscal incentive to do it, through tax cuts, etc.
All private industry cares about is cost/profit, so make it easy to do business here in the US through less regulations/red tape, and less tax for hiring US.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Clean Energy, China-Style: Sex, Cash and Stolen Technology http://www.forbes.com/sites/williampentland/2011/09/23/clean-energy-china-style-sex-cash-and-stolen-technology/ The article is just a little to the left of the topic, but does show how we spend the money on R&D and others reverse engineer it / steal it / acquire the knowledge in many other ways. Can we count on our 'partners' to share with us as we share with them? I am skeptical...
-STankyG
People are always blaming their circumstances for what they are. I don't believe in circumstances...
, government software regulations force developers to pay off entities that evaluate your code and verify it conforms to published standards
that worked very well with the rating agencies in finance ....
Read radical news here
National security?
What do you need to secure? What is the threat?
"We're safe! No food, no jobs, no shelter, but we CANNOT be attacked!"
"Flyin' in just a sweet place,
Never been known to fail..."
For a sufficiently broad definition of "National Security Threat".
The companies selling the product should be responsible, not some unknown worker. If they are not in the USA then they have some other company that imported the product to make it available for sale and they are responsible.
After all with the recent cases of tainted products coming from China no-one worried about the person making the item it was the fault of the company importing it that had legal problems.
If companies are off shoring things there is an economic reason for it. No amount of regulation is going to stop that short of tariffs and that will start a trade war that at this point we might lose.
Instead, the government should look to see if it's doing anything that is encouraging the off shoring rather than looking for ways to stop it through increasing regulation.
As to the strategic and tactical importance of keeping certain code projects domestic. Of course. If all the programmers that made your banking system for example or your missile guidance system are Chinese then that's a problem.
Off shoring grunt work that isn't strategic is fine but if you do it for the core work then you're asking for trouble.
Some companies have outsourced/off shored core business services and so far as I know they've always paid a stiff price. Typically what happens is that they effectively teach a competitor how to compete and rather than cut costs they pay for the education of their competitors who then release competing products at a reduced price point.
It's something of a hopeless situation so long as people think we can maintain American competitiveness through anti trade practices.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
It is more than software, it is everything that is traded. It makes the landscape of Mad Max look pleasantly tranquil.
I really question the motives that allow America's wealth to be drained in one way or another to the amount of a Billion dollars a week to other countries. I question the motive of the statement, "Manufacture or Service it in <country/>, to maintain a competitive Edge." The wealthy are not investing in America. They then should have no tax breaks. And their parent companies costing issues should be ignored at tax time. <humor>And their access to the beach should be from 2:00am to 4:00am on odd numbered Blue Moons.<humor/>
'falling behind world progress ...'
That ship has sailed, man.
I know that often these kinds of analyses can be right: imposing too many restrictions can hurt an industry.
However, sometimes these things just turn into hopeless naysaying. The government can't create any law or regulation without someone complaining that it will destroy the economy. Yes, having laws against lead-based paint in children's toys probably hurts some profits, causes some economic efficiency and "hurts the economy" in some ways. Sometimes that kind of economic efficiency isn't the most important thing.
Also, sometimes these analyses miss important things: the loss in economic efficiency due to banning lead-based paint is offset by having fewer healthcare costs due to lead poisoning, and also having a more efficient workforce in 20 years because of all the children who weren't sickened or killed by lead poisoning.
You're kidding, right? Management review code?
Even if the manager is technically astute, their job is to manage, not review code. There should be senior developers doing the reviews, but they're too busy writing code. So the sloppy mess produced by the juniors never gets reviewed.
But even without reviews, testing should be revealing the problems caused by that sloppiness. Unfortunately, I've never heard of an offshore coding company that actually does the testing -- that's usually done in-house by the company who hired them. Which only makes sense -- it's the last line of defense against the code that's coming in.
What really doesn't make sense is that these offshore companies keep getting more business even after they develop a reputation for producing shit code, because they're "cheap."
Funny thing is, although the offshore coders get paid dirt wages, the fees charged by their companies aren't usually that much of a discount compared to on-shore or near-shore coding. It completely baffles me that North American businesses still haven't realized that.
Bottom line: You get what you pay for. If you want quality, it's gonna cost you. Shop for the lowest bidder, and you're going to get the lowest quality, too.
But it doesn't matter. Tools like mine will soon make the junior programmer who does nothing but copy-paste-edit code obsolete anyhow.
I do not fail; I succeed at finding out what does not work.
After the last 30 years here in this country (US) let me be the first to say... Doh!
Look at what happened in Iran - "somehow" a virus (Stuxnet) got into the Siemens' systems (a German-built system) and destroyed much of their Uranium enrichment processing capability. Huh. What a surprise.
The requirements from the US Government (and others) that product, including code, not be developed by overseas companies/people, is a valid response to a very real risk scenario. This has nothing to do with quality. It has everything to do with the cost/risk of hostile code getting into sensitive deployments.
In terms of quality, have you ever tried to outsource any sort of even moderately complex software project to, say, India, and actually get back what you wanted? It is a huge effort and quality is very hard to maintain. The problem is how to communicate/monitor a very large number of complex, interwoven requirements, constraints and interoperability issues with a team that is not familiar with the rest of your stack, not in the same area/timezone (which significantly degrades cross communication) and may not even speak the same language. For small, isolated, stand-alone projects which can be neatly wrapped up in a bubble and rigorously tested (meaning, there are a small enough set of possible inputs and outputs that you can realistically test all of them) then maybe you can outsource the project. For anything more complex you really want it done by an internal team who knows the rest of your stack and communicates quickly and spontaneously with the rest of your company in order to ensure that what is built actually does what people want and fits into everything else being built.
Going around asking "Is X a National Security Threat" is the biggest security threat of them all. In fact, the very concept of National Security is a security threat.
"I opened my eyes, and everything went dark again"
There is nothing special about engineering education that makes it "better" than a computer science degree from another department at a university. In fact, if you shift the courses to engineering, students will end up wasting their time on a lot of physics and math classes required for basic engineering that are completely useless for programming.
The other problem is that engineering is standardized. There are "rules" for how to construct buildings, build in safety tolerances, etc. There are no such rules for programming.
In the segments of computer code that do have "rules" and "templates", the whole process of writing the code can be automated, completely eliminating the human errors that copy-paste-edit coding causes. That's exactly what MSS Code Factory does -- build a rule base for translating application data models to text-based code. It automates the grunt work. Who needs a horde of offshore programmers if a machine can do their job?
I do not fail; I succeed at finding out what does not work.
One of the sloppiest, non-informative articles that I have recently read. Coding is the last part of any automation development. What about bad analysis, bad design, poor tool/OS/infrastructure/integration choices? What about the problem of being forced back to the Waterfall development methodology to be able to offshore development? What level of coding are we talking about: embedded systems, business architecture, tools, OS, (etc)? Any security expert would know that code security is the least of the problems regarding overall automation security.
Yes. This is a national security threat. By definition. You can't have it both ways. Sorry globalists. You can't bully and exploit third-world labor, and then trust them with your proprietary industrial secrets. They will steal them from you, and turn around and use them against you. Period.
The only exception - I guess, is that muslims probably will not use complex interest-derived financial instruments to enslave you, since usury is against islamic law. Straight-up slavery, is not though. So keep on bleeding your own economy until they come over here and take-over. They will be happy to enslave your sons and daughters.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
The fix is to require that all businesses that are global to meet the requirements for ALL countries that are impacted by the business. For example, if software development is moved to India then the business must comply with the regulations for BOTH countries. And for the chain of businesses involved, each would have to comply. Example, if Company A in the US hires Company B in England, who hires Company C in India, to do the work then all three companies must comply with the regulations in the US, England, and India for the product involved. A requirement like this would help countries like India raise their standards of living and reduce shifting of jobs from rich countries to poor countries simply for the sake of profit. The same should apply to all products (example, electronics produced in China), not just software.
The NSA: The only part of the US government that actually listens.
...an awful example of gerundification. "Off-shoring" ? What a horrible word. It probably shouldn't have a hyphen, either, as that could lead to even more confusion over its intended meaning.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
Why not make it some sort of opt-in program?
Design some set of regulations which are verifiable by an auditor and specify minimal conditions for passing software at some level of the program.
Companies could charge more for the software which could be held liable to meet standard level 1, 2, 3, ...
Provide tax incentives based on sales at particular levels.
If some piece of software says it is at level 3, then the copyright holders behind it can be held liable for the terms of level 3.
We have regulations because of abusive and unethical behavior. If industries have no other motive than to profit then we see all sorts of trash and burn tactics that may get some folks a bonus, but at some point someone is going to pay. Yes regulations hurt businesses. My point is that businesses shouldn't behave in a manner that will result in the need for regulations. We're lucky that the US is still willing to try to keep things in balance.
To quote Publius Cornelius Tacitus “The more corrupt the state, the more laws.” Nuff said.
Regarding offshoring, I don't really have a problem with it as long as its intent is to supplement a business's workforce. I do have a problem with replacing workforce with foreign nationals. At some point if everything is outsourced, we'll see our middle class collapse, and thus businesses won't have customer base anymore.
I can't imagine every company loves the idea of operating in a completely unregulated environment
One of the most important features of regulation is to keep the big corps big and grind the small ones out of profitability... I can't see a big slow lumbering dilbertian horror of a company loving the idea of not having regulation expenses to crush their smaller competitors.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
If US programmers can't compete in the global market, then that's their fault. The new world is all about openness and cross-border employment. Limiting or taxing work done "offshore" is an old-world fix for fat lazy US workers.
Hell Yeah!
When you go overseas, there are no rules like ours when it comes to copyright infringement... so when the Indian or Chinese support markets get a hold of sensitive company data, they can easily call the competition up and offer them this info, to make extra profits. There is no world police when it comes to these things...
If you are here and notice that your info is now in someone else's hands, you have to travel over there to then go through THEIR court system, with very little hope of getting retribution, instead you get a lot of lawyer fees just to find out there was never any hope in the first place.
This is evident in many fields not just IT. The problem is accountability, their courts do not follow our rules, so why would we think we are safe giving away our source code to maintain, by some supposedly proper development companies who could be also trading secrets or even letting the government in on what they find... aka China...
Anyone going overseas deserves what they get. If you have legitimate reason to be using external help, you bring them into your country, not go over there.
This way the courts can follow the laws of YOUR land, and prosecute based on those rules, should they need.
During the banking crisis, people in the US and the UK heard this a lot about the financial sector -- if you regulate them too much, they'll just move somewhere without regulations.
So we have a solution for dealing with these bozos. Excellent.
I'm really quite sick of the "Software development should be like building a bridge" argument. I've been a software developer for 20 years now. Do you know why it will never be like building a bridge? Because bridges do *nothing* new. They connect point A to point B. And more often than not, if point A and point B don't exactly fit the design of the bridge, they change point A and/or B so that it does more closely match.
Almost every software application written is unique. They may use elements of previous applications, much like artists use elements of previous works. You can't engineer discovery and invention. Those that try are doomed to write horrible inefficient applications which have innumerable layers, perform horribly, and don't really do what the customer wanted.
Writing software is craftsmanship and artistry. Those who write software are craftsmen/women, those that write software and believe they are engineers invariably produce horrible clunky and inelegant code.
I'm not saying that writing software shouldn't be a discipline... It is, an exacting one... But it is *not* engineering. "The laws of physics and properties of fluid dynamics don't change much"... When you have these things, you can do engineering. Writing software does not have these things, everything changes, constantly, and probably always will. Or are you saying we should forgo all the advances which occur every day in the computing field? Give up little things like smartphones, multi-core CPUs, ever increasing memory and CPU?
Do we pick this point in time, draw the line, and say HERE is where computing stops... HERE we will make it engineering. What if that point in time was 20 years ago? What if it was 40 years ago? Engineering takes decades/generations to mature. We don't have decades... We barely have time to orient ourselves to a new platform when the next is already here. And you know what? It's better this way. Everyone benefits.
You want stability/engineering? Go back to time slicing on a hard-wired mainframe terminal. You can have it. For most of the rest of the world, we recognize the value of new technology. And yes, sometimes the bleeding edge is too raw, but usually just a few steps back is "good enough". And that is the space that most *real* software development gets done.
Sorry 'bout the rant, but I'm not an engineer.
Some parts of IT need apprenticeships and/or tech school, not CS.
Now CS is good for high level design or maybe being a developer on something big like an OS.
But at the on-the-ground level you need different skills and experience that is better than sitting in a theory-based classroom. Now tech school and apprenticeships fit that bill well.
What does a 4 year engineering degree help a construction guy in running a back loader, construction crane, or other construction equipment? When the theory on how it should work and how it works on the work site are not the same.
For making IT a profession a lot of work needs to be done on the training side.
Now for IT managers, they should have some tech skills / ideas of how long things take to get done. Now just think what can happen in construction when a manager sets a deadline that is not safe to hit.
Now professional rules for IT can help, as working 80 hour weeks leads to poor bug filled code.
As principal architect behind an online trading firm, I brought it to the attention of a contact with the NSA that code inspected only by Chinese national managers and developed by a Chinese development organization at abnormally low rates was being connected directly into the US trading infrastructure with direct access to more than $2B in assets under management and nearly unrestricted buying power.
As a consultant and principal architect at a smart grid meter manufacturing company, I shared with my NSA contact that the core chipset handling crypto resolution, wireless uplink, and zigbee for both residential and commercial meters was being designed and manufactured in China with little US oversight.
Regardless of whether you are speaking of department of defense or other public sector technology projects or private sector technology projects which tie to critical strategic infrastructure, security is and has been compromised by outsourcing.
Further, even the most base logic demonstrates that it is futile to expect your enemies to provide for your security. We've compromised our independence and autonomy, lost the competitive edge in any meaningful way, and seem to be under the mistaken impression that China is anything other than an opportunistic hegemony. The security of any nation which allows for lowest cost bidders using external third parties for development, implementation, or administration without regulation, inspection, or validation will be compromised.
You apparently haven't been listening to the current crop of Republican presidential candidates.
US businesses can make an argument that the US can not be competitive with China until the US:
* permits industrial pollution on a large scale
* has no workman's compensation law for on-job injuries
* has no mandatory overtime-pay laws
* Shrugs when notified of sexual harassment
* turns a blind eye when a company roughs up "agitators"
* participates in state sanctioned murder of dissidents and union activists
We used to have tariffs on countries with poor environmental and labor policies. ... and then comes Bush's post 9/11 tax break that's only available for creation of offshore jobs.
When we lifted those barriers, we basically PUNISHED companies for not outsourcing.
Strategists call this "cutting off the oxygen supply". The liberal wing of the Republican party died decades ago, and on the Democratic party it went out with Carter.
Conservative business elites want our elections to be very expensive and privately funded... why?
The less money the middle class and unemployed have, the more responsive politicians will be to those who DO attend those $1,000/plate dinners.
This is why conservatives are OK with funding unemployment benefits (for now), because of the insecurity, and because it's not going to affect their investment profile (ie, Chinese investments)... in fact it'll just drive up the debt (but in a way that many middle class Americans do not view as a government benefit). The old "drown the baby" strategy conservatives talked about, decades ago...
'Any attempt to regulate software quality and security simply drives the software industry off-shore for good,' he says. 'Similarly, requiring trusted on-shore production ensures two things: (1) falling behind world progress as we aren't the only smart people and we are a minority, and (2) costs rise in a way that makes on-shore-mandated software cost-uncompetitive on the world market.'
So we should... keep companies onshore, but have workers that are offshore provide information and services to try and keep us in the running?
Sounds like a cool new ideer.
:->
Engineering doesn't have to be frozen in time. You're right, bridges do one thing (connecting points) and that never changes. Suspension bridges are all similar from a physics point of view, but the Brooklyn Bridge is way different from the Golden Gate in terms of materials, construction and so on. Good ideas are tried and picked up over time. Sometimes a completely new method is devised for situations where the old methods don't make sense. If it turns out to be better, the old methods are replaced or reserved for special cases. If it fails, it's usually spectacularly obvious if it makes it to the real world, or it dies in the lab.
I would argue that most of the security issues with code now stem from two places -- closed-source software whose owner doesn't proactively hunt out bugs, and applications of any kind that are churned out on an insane schedule with no time for testing. Part of that insane schedule stems from the "We need to build this in YetAnotherKewlPHPFramework 0.0.9alpha1 to be on the bleeding edge." mandates. A developer has to learn YAKPHPF, and might only have time to learn enough to get the application just working. Then the boss comes in a day after release and says "Hey, StillAnotherRubyOnRailsFramework 1.0 is out! We'll be behind the competition if we don't change RIGHT NOW." Developer learns SARORF, again, just enough to get the app running. Repeat over and over again, regardless of language, regardless of platform choice, every 6-12 months. In my field (systems), it's "We changed the platform just enough so you have to go back and relearn everything." For someone with a good grasp of the fundamentals, that's no problem. But the constantly shifting trends make it hard to stop and build up anything resembling design standards.
I'm not advocating that time should stop. There should be controlled entrance of new standards though. In traditional engineering, scientists discover the cool new stuff, engineers take the practical bits that help them to build their toolkit, and the cycle repeats. In software development, brand new cool stuff is great, but systems that run the core things we depend on should be built on stable foundations. The projects I've worked on with the best outcomes have been, like you said, a few steps back from the bleeding edge. Problem is that there are fewer and fewer projects like that.
And if you don't like the engineering analogy, we can change that too. In my mind, it's a good starting point because licensed professional engineers are actually liable for what they design or sign off on. This is in sharp contrast to the typical software developer who has very little incentive to do anything beyond getting their creation to compile. Good "craftspeople" are out there, but without some standard training, there's very little differentiation between a true master and a hack. People just don't see the difference until problems appear.
No questions asked. You send jobs offshore, you make America WEAKER both ways!
First: By removing a good paying job that creates a taxpayer (& most likely a larger paying one with properties because of a good job) & also a someone with not only "disposable income" to help other businesses with, keeping an "economy" moving by money changing hands, via spending!
(Simply because they're not stuck in a "hand-to-mouth/check-to-paycheck" minimum wage lifestyle & can afford to go out etc. beyond paying rent/mortgage, food, & utilities only (IF THAT on that payscale))
You hurt the USA that way... both economically, and, security-wise (this is widely acknowledged in programming as being an OBVIOUS risk factor)...
APK
P.S.=> Any questions? Because "Trickle-Down" bullshit economic theories have resulted in the economic depression of today people - argue with the results/numbers!
Man... so all that bullshit of "trickle-down" & "service-based economy" here in the USA?? Was just that - pure bullshit (told my prof.'s in economics that in college back as far as 1984 in fact, when they said "we're moving to a service based economy")...
... apk
What's wrong with demanding quality software particularly code that deals with encrypted information (i.e. purchasing with credit card)? I don't mind paying extra to someone in my own country instead of someone thousands of miles away. Dammit, what about security clearances database by NASA and military? These are done by private companies (no longer done by govt agencies such as FBI), they better not offshore this stuff simply based on costs and crap statements like, "we aren't the only smart people and we are a minority..."
mfwright@batnet.com
Get rid of all those people, and the system will fix itself!
Here's to hot beer, cold women, and Glaswegian kisses for all.
Indeed.
At some point, we really should start calling the bluff of businesses that claim they'll go away if we regulate them. I expect that we're better off without the few that actually will go away.
America had an unfair free ride too. It became the richest country on Earth before it even separated from England due to huge abundant natural resources while Europe used all of theirs. A shitload of land to sell crops back to Europe at inflated prices. Free timber, coal, iron ore, you name it. All you had to do was work and you got rich. I read somewhere that the average salary in the 1700s was $200,000 in today's prices. That is insane!
Now, that game is over. Resources are more depleted and newer technology means to do more with less land, and also do more with less thanks to the internet and computers.
Today, it is about the demand side of the economic equation of supply and demand. Countries with the lowest prices get the highest demand. Free trade does work for corporations. Just not us out of work if we do not want to be considered losers by society because we serve coffee or mow lawns to pay off our nice college degrees. Coke makes 80% of their profit in these markets. China buys more computers now than the US, making Dell and Intel rich. If you put in tariffs today these companies would simply relocate to Asia, refuse to sell back to us and only focus on Asia and South America as they are growth markets.
The biggest economic burden is not free trade destroying jobs. It is the financial crisis as Americans overbought when they realized owning that nice 3,5000 square foot home that the Jones had was becoming out of reach. They just borrowed more instead of realizing rather than facing they are not as wealthy as our parents had it. Today banks are scarcely lending lines of credit to business. That is your lifeline and as a result businesses are under extreme pressure not to hire because bad books means no loan = you're done.
What we need is for people to pay off their debt and for the governments to stop spending and raise their interest rates. Then small businesses can hire again. Like I said, that is the problem more than outsourcing. With stock prices going down banks are going to force more small to large businesses to go belly up or lay off. All business done today is 80-90% financed through monthly lines of credit. Pretty wacky huh?
http://saveie6.com/
How many times do we purchase products that have viruses and other bad-acting software installed right from the factory? Toothpaste, dog treats and children's toys made with poisons.
How many years did we have to put up with code that was left insecure on purpose by Microsoft?
Who knows for sure how much code is written with back doors for use by foreign parties?
Protectionism and nationalism and all the straw man arguments aside. We should have a reasonable expectation to secure code and products. No matter where they are made.
If *anyone* in government is so stupid that they haven't figured out the potential threat of outsourcing as an attack vector, just take their two hands, flashlight and map and fire them now.
Please do not read this sig. Thank you.
Germany had a down cycle roughly around 2006 (IIRC). They even had a "self esteem" program to make them all feel better. Similar with Canada. Recessions don't all happen at the same time such that we have to be careful about such comparisons.
We should try tariffs and see what the result is. Everybody has their own Grand Theory about trade and tariffs. But there are too many variables for theory alone to tell us the right path. Thus, let's try an empirical experiment. Better than keep doing the same thing forever and hope it's right.
Note that some cite increased tariffs after the Great Crash of 1929 as "evidence" that tariffs cause stagnation. However, we had a trade surplus back then, and I also propose doing it gradually. Adding tariffs while having a trade surplus is definitely a no-no.
Table-ized A.I.
Japan has a fairly high amount of protectionism, yet has a relatively low unemployment rate. They tend to protect mom-and-pop shops against big-box stores, for example.
Perhaps trinkets are more expensive there, but what's more important: cheaper trinkets, or jobs?
I would say jobs, because idle people tend to get into trouble and are not very happy. Sometimes you just can't optimize all variables at the same time. We may have to start making some difficult tradeoff choices as the pressure of globalization increases.
Table-ized A.I.
National security related regulations requiring that code written for the government meet quality and security guidelines?
What a horrible thought. What could possibly have given them the idea that unregulated code written in foreign countries could contain security vulnerabilities?
who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
Not really, no. It's more like a new standard is applied only to cars assembled in the U.S. and everyone starts assembling in Mexico. Not because they can't meet the new standard, but because cars won't sell if they double in price.
If bridges and buildings were expected to be designed first and then built on a site to be determined later, no PE would ever sign off again. You can't guarantee the behavior of a design if you can't know where it will be used. Same deal with software.
Consider, what if the system's stdlibs are swapped out with alternates that are supposed to be "faster", "better" or more "virus proof". Suddenly the behavior of something as simple as open can change and all bets are off. Now figure out how to codify that into tort law so judges and juries can grasp it.
Impose tariffs. As we cannot be competitive we impose tariffs. Short-term solution.
"We are not the only smart people..." - Sorry, but the reality is that we are not smart. Besides the fact that many Americans still put Spain somewhere in South America (it is in Europe and EU member...) in the tech field we are not the smartest either. Maybe the off-shored code is not as good sometimes. But we have to realize that a great deal of the code made-in-USA is made-in-USA-by-someone-not-made-in-USA, either nationalized, green card holder or in H1-B. Maybe students in other countries study more tech careers than "what we do here"... let's leave it like that.
American society is on a freefall descent to hell. Medical care is a question of luck, you can only get covered if you are totally healthy, else you are screwed. More people slum into poverty each year. We cannot have a successful economy while we fail as a society. Yes China does it, you can see the richest in one side and young boys working in mines on the north-west but we do not want that, do we? So we need to class up our act first, become competitive, maybe giving up some stuff, holding job pay increase a bit and then go back to being #1
Modified flat tax.
There is ONE deduction: A warm body deduction. The basic exemption. It applies to ALL people. So a family of 4 gets 4 deductions if the parents file jointly. Kid deductions are the same size as adult ones.
The basic deduction is equal to 1000 hours a year of minimum wage. Two parents, two kids both parents working 40 hours/week (2000 hours/year) of minimum wage pay NO tax.
FLAT rate for everything above that. This gives the working poor a break.
Corporations don't pay income tax. Corporations pay tax on gross sales. Flat rate on total sales, probably fairly small. No deductions for the cost of production. If sales tax is 10% and it costs you $901 to produce a $1000 widget, you just lost money.
The huge simplification of tax law puts hundreds of thousands of our best minds to work doing something productive.
Third Career: Tree Farmer Second Career: Computer Geek First Career: Teacher, Outdoor Instructor, Photographer.
The problem isn't greed as much as it is short sightedness
Executives are paid in dividends off a block of stock for 20 years for each year of work. Now they have an incentive to make the company profitable for the long term.
E.g. I get a salary equivalent to a good engineer, plus dividends off of 100,000 shares for 20 years.
Next year, I get my salary, dividends off the first block, and dividends off a second block.
After 20 years, I'm getting my salary, plus dividends off of 20 blocks of stock.
After 25 years, I'm still getting dividends off of 15 blocks of stock...
***
If you accept a directorship in a company then ALL of your personal assets are available for reparations if you screw up.
A director may not sell stock he holds in a company while serving nor for a period of a decade after he stops serving. It's to his advantage to make sure the company is well run.
***
Speculation is hard to regulate.
The only way I can see to limit speculation is to tax assets as opposed to taxing income. Thus, if you aren't using something, you are still going to pay tax on it. And this is only partially successful. Real Estate is taxed already, (property taxes) and it doesn't stop people buying land and sitting on it.
Third Career: Tree Farmer Second Career: Computer Geek First Career: Teacher, Outdoor Instructor, Photographer.
This isn't rocket science. If you hold offshore companies to the same quality standards and liability standards as US companies, then we'd be on equal footing. Too often, people go offshore to escape the burden of regulation, then we buy from places that have low quality and are stuck with inferior products.
If the law was constructed in a way to require the same level of quality, and, perhaps, even similar quality of working conditions -- wouldn't we be a lot more on the same footing?
The only reason the corporate-pork is getting fat off these moves is that they can *exploit* places where they don't have workplace safety and health laws and use that to get cheaper products at the expense of human life. How many deaths were there at Foxconn due to working conditions? Weren't they rather harsh by US standards?
People poopoo Europe's "socialist ways", in having 2x the holidays and 2-3x the paid vacation/years (often) that we get.
But do you think you'll get the same quality of materials and production if you require 12-14 hour days, and 6 days/week as a 5day/40 hour week here? *cough*...what am I talking about...I'm in the SW industry...that doesn't apply to us...
But hey, the Foxconn folk were in manufacturing where that would apply -- don't people tire out and get burnt out and doesn't quality suffer as a result?
The argument could easily be made that we didn't or wouldn't want to accept products made under exploitative conditions.
Yeah...that could happen...** hey, me -- wake up! not in your lifetime! **...
*sigh*...
The VP at SAIC is saying that if the government demands that the software they purchase actually meets some minimum standard of quality then everyone will throw up their hands and quit. Which he feels will cause more software to be handed off to overseas developers who will do even a worse job than has already been done.
This smells very much like GM & Ford complaining that new fuel standards will be a technical impossibility to reach just moments before one of their competitors roll out models to the showroom floor that make the grade.
So if I'm reading this correctly, the logic at the bottom layer of SAIC's complaint is, translated from what the VP said, "We don't have the resources to do this. It's unfair that you're demanding a provider that does have these services. I call UNFAIR!"
We always complain about a customer (or gov't) mandating requirements that we can't provide, yet another company can. We call it favoritism, but the gov't didn't change the requirements in order to HELP those companies; the requirements are changed because they are the REQUIREMENTS. If there are only one or two providers of service/software/hardware/food/etc that can provide it, then they win the "contract" or, in this case, future success.