Slashdot Asks: Are You Ashamed of Your Code? (businessinsider.com)
Programmer and teacher Bill Sourour wrote a post last week called "Code I'm Still Ashamed Of," where he recounts a story in which he was hired to write code for a pharmaceutical company. Little did he know at the time, he was being "duped into helping the company skirt drug advertising laws in order to persuade young women to take a particular drug," recaps Business Insider. "He later found out the drug was known to worsen depression and at least one young woman committed suicide while taking it." Sourour was inspired to write the post after viewing a talk by Robert Martin, called "The Future of Programming," who argues that software developers need to figure out how to self-regulate themselves quickly as software becomes increasingly prevalent in many people's lives. Business Insider reports: "Let's decide what it means to be a programmer," Martin says in the video. "Civilization depends on us. Civilization doesn't understand this yet." His point is that in today's world, everything we do like buying things, making a phone call, driving cars, flying in planes, involves software. And dozens of people have already been killed by faulty software in cars, while hundreds of people have been killed from faulty software during air travel. "We are killing people," Martin says. "We did not get into this business to kill people. And this is only getting worse." Martin finished with a fire-and-brimstone call to action in which he warned that one day, some software developer will do something that will cause a disaster that kills tens of thousands of people. But Sourour points out that it's not just about accidentally killing people or deliberately polluting the air. Software has already been used by Wall Street firms to manipulate stock quotes. "This could not happen without some shady code that creates fake orders," Sourour says. We'd like to ask what your thoughts are on Sourour's post and whether or not you've ever had a similar experience. 
Have you ever felt ashamed of your code?
I thought "ashamed of code" would be e.g. using a for loop on a Java Collection rather than an Iterator; or using EJB methods to simply wrap database layer calls, instead of encapsulating business rules (because you see our project uses a 3-tier architecture because someone somewhere read it is a good thing to do); or not doing unit tests.
Writing code to put bread on the table for employers whose business ethics are questionable (or cut corners when it comes to generally accepted good software engineering practices) is to be expected. It's not as if these things are discussed at the hiring interview. And jumping ship at the drop of a hat when these things crop up is seldom practicable - a new round of interviews takes time, so does induction into a new workplace.
We are all prostitutes, either from the neck up or the neck down.
Free, as in your money being freed from the confines of your account.
I've at times had to code up things I haven't been happy with, but rather than refuse to do it, I tried to modularize stuff so it could be fixed later when management changed.
This is, I think, better than refusing, and having someone else code it up. To quote Mordin Solus, "someone else might have gotten it wrong".
(And on at least one occasion, that worked -- for one product I worked on, we managed to safely and quickly kill the "phone home" DRM before it got out into the wild. Felt filthy working on it, felt good to bury it.)
Civil engineers design with a safety margin such that their buildings don't fall down. I work with a bunch of them. Civil engineers dread the thought that their building falls down.
What does this mean in terms of software? Software crashes all the time.
Software systems tend to have really complex side effects. Suppose I design a blood pressure monitoring machine for a hospital. It and a hundred other devices let the hospital run much more efficiently. The hospital only needs 1/2 the number of nurses. Now, someone discovers a bug in a security camera, penetrates the network, discovers hundreds of Windows XP Embedded devices, and turns the hospital into a malware farm. (Incidents like this have happened.)
The hospital is screwed. It can't suddenly double the number of nurses, and even if you did, the nurses are used to the automated equipment. They don't know how to fall back to the non-networked way of doing things instantly. They are out of practice.
How could an engineer sign off on a system like this?
On one hand, it is running standard and recommended software (like Windows). Software has gone through the FDA approval process. However, on the flip side, the hospital is a sitting duck. These embedded devices are hopelessly insecure, and there is no way to secure them against modern network threats.
I don't think we have proper methods of describing and solving modern safety issues in embedded systems. We have no proper method of understanding safety with machines built in one country, running software written in two different countries, and then running somewhere else. The safety interactions even in a relatively stand-alone machine can be very tough to understand. These network enabled threats make things really hard.
I worked (briefly) in a call center where we handled people who had called an 800 number. We asked a series of questions that we read from and filled out on an HTML page.
I suspected something was fishy and looked at the source -- it was exactly like what Bill Sourour had coded -- it didn't matter how people answered, the same non-result in the end.
People thought the number would help them, but it was used to harvest information, nothing else. One of the most screwed up environments I've ever worked in.
I come here for the love
If we're talking about how our code was used, I remember in high school (many moons ago) writing Turbo Pascal programs and Lotus 123 macros for a shipping department of a sizable company that hadn't yet computerized. I was brought in by the manager of the shipping department because he could hire a high-schooler when he couldn't get authorization to computerize from within the internal IT department (which was busy sinking the company with some massively expensive software controlling the manufacturing).
Anyway, I was very proud of allowing my boss to get all the data that he wanted, and he was very, very pleased that his department now had some means of seeing what was going on.
I distinctly remember when he called me in and thanked me. Due to my program, he'd had enough data to improve efficiency 25%!
I glowed.
Now he'd been able to let go 2 out of the 8 drivers they had.
I stood there speechless.
There were real people underneath those numbers.
I've seen some shady things, and it was ALWAYS in a setting full of people too junior to ask questions. Junior people are sometimes naive, and will believe management when told that certain shady things are normal. Junior people may have no resume to speak of and are basically forced to look good at their first real job. Junior people may not be able to afford to quit without having something else lined up, and don't want to be marked as job-hoppers. Senior people have the marketability to leave, and the experience to see through BS. They may also have enough savings to quit out of principle and take a sabbatical, or the ability to shift gears to their side business. I don't really know how to solve the problem, given that young adults need to eat regardless of their ethics. I do know that the problem is hardly contained to computing. Maybe we gravitate to this field because we love logic, but the rest of the world isn't logical. We still have to deal with human nature in this field too.
Doesn't this describe almost every job?
I mean, I generally agree with the article. But the article seems a little... self-aggrandising, doesn't it? As if to say "hey, we're just as important as doctors and engineers!"
The thing is... I kinda agree - programmers are very important and their actions can have serious consequences if done poorly or incorrectly. But like... plenty of other jobs are just like that too.
If the person stocking the shelves at your local grocery store doesn't clear out the expired stock, or maintain proper hygiene around fresh food, they could easily contribute to someone getting sick or spreading bacteria or a virus.
If the person selling gear at a bicycle store doesn't realize the wheel or frame is broken, or that a frame has been recalled due to a defect, they could easily contribute to someone being seriously injured.
If a school teacher ignores serious bullying or doesn't fact check the information they're teaching or doesn't make sure their students properly know how to do proper calculations, they could easily contribute to a serious mistake made by the student some time in the future.
If a salesperson helps someone get a loan approved when they've very much shown in all likelihood that they probably can't afford the monthly payments or that the loan is predatory in nature, they could easily contribute to that person's life taking a serious financial turn for the worse - and we all know how stressful and desperate people can get when they can't make ends meet.
Yes, programmers need to be aware of their moral compass - but so does everybody else to varying levels, pretty much. Generally speaking, just - don't be a dick, don't be apathetic and use some common sense. That'd go a long way for pretty much anybody in any situation.
What does this mean in terms of software? Software crashes all the time.
Not in safety critical applications. Writing software for them is a different beast.
How could an engineer sign off on a system like this?
With the proper documentation.
I don't think we have proper methods of describing and solving modern safety issues in embedded systems.
Google for machine safety standards. IEC 60601-1 seems to be a good starting point for medical devices.
I've only written code for industrial machinery so I can't say for sure if it contains the necessary information. You typically have to go through quite a lot of standards to figure out the full requirements.
You have to document not only how the software will handle all plausible input cases but also how the device won't endanger anyone in the case of common hardware failures.
Some electromechanical devices can be assumed to not fail if you never approach half the marked current.
Some components are designed to have a defined failure state. You can use capacitors that always break, never short circuits.
For transistors you have to document how the device will operate in the different possible ways the transistor can break.
For complex circuits like a CPU you are not allowed to assume that it will remain functional and because of this you need at least two CPUs and have software or hardware that detects if one of them doesn't act as it should.
Depending on what safety class you are aiming for you might have to use CPUs of different architectures and have different programmers writing the software to minimize the risk of them failing in the same way.
As you might have figured out you can't just throw in a Raspberry Pi or anything running Windows CE and hope to write life critical applications.
If you need an OS it will be something like SafeRTOS but most of the time you will skip it.
You typically have to use window watchdogs to make sure that the code executes within the right time and you need to add checkpoints to make sure that the code executes in the right order.
You should try to avoid using pointers and dynamic allocation. Yep, that rules out high level languages no matter how safe some people seem to believe they are.
Exceptions are a big no. You avoid code that doesn't have a determined path through it.
If you actually use pointers you will have to document every usage to make sure that it can never be used uninitialized or trash other parts of the memory.
If you allocate things dynamically you will have to show that allocation failure doesn't lead to safety issues.
TL;DR;
We have the methods to write safe software. It's not easy and it is very time consuming.
If you are interested in doing it I recommend going for an EE degree rather than CS. Reading the standards will be hard otherwise and understanding the possible failure modes even more so.
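The window watchdog and ordered checkpoints mentioned in the comment above, as an added example that is not part of the original post: a software model in C of the check that a real device would back with an independent hardware watchdog. All names, the step list and the 8 to 12 ms window are hypothetical values constructed for illustration.

```c
#include <stdint.h>

/* Constructed window: a kick must arrive 8..12 ms after the previous one. */
#define WINDOW_OPEN_MS   8u
#define WINDOW_CLOSE_MS 12u
/* Hypothetical steps of one control cycle, in their required order. */
enum checkpoint { CP_READ_INPUT, CP_VALIDATE, CP_COMPUTE, CP_WRITE_OUTPUT, CP_COUNT };
enum mon_status { MON_OK, MON_TOO_EARLY, MON_TOO_LATE, MON_BAD_SEQUENCE };

/* Static state only: no heap, no pointers. */
static uint32_t last_kick_ms;
static uint8_t next_cp;
static enum mon_status latched;

void mon_reset(uint32_t now_ms) {
    last_kick_ms = now_ms;
    next_cp = CP_READ_INPUT;
    latched = MON_OK;
}

/* Called at each step; a step out of order latches a fault. */
void mon_checkpoint(enum checkpoint cp) {
    if (latched != MON_OK) return;
    if ((uint8_t)cp != next_cp) latched = MON_BAD_SEQUENCE;
    else next_cp++;
}

/* Once per cycle: kick accepted only in-window with all steps passed. */
enum mon_status mon_kick(uint32_t now_ms) {
    uint32_t elapsed = now_ms - last_kick_ms; /* unsigned: survives tick wrap */
    if (latched != MON_OK) return latched;    /* faults stay latched */
    if (next_cp != CP_COUNT) latched = MON_BAD_SEQUENCE;
    else if (elapsed < WINDOW_OPEN_MS) latched = MON_TOO_EARLY;
    else if (elapsed > WINDOW_CLOSE_MS) latched = MON_TOO_LATE;
    else { last_kick_ms = now_ms; next_cp = CP_READ_INPUT; }
    return latched;
}

/* Simulates one cycle; pass CP_COUNT as skip to run every step. */
enum mon_status run_cycle(uint32_t now_ms, enum checkpoint skip) {
    uint8_t cp;
    for (cp = 0; cp < CP_COUNT; cp++)
        if (cp != (uint8_t)skip) mon_checkpoint((enum checkpoint)cp);
    return mon_kick(now_ms);
}

int main(void) {
    mon_reset(0);
    return run_cycle(10, CP_COUNT) == MON_OK ? 0 : 1;
}
```

A plain watchdog only catches code that runs too slowly or hangs; the lower bound of the window also catches a cycle that finishes too fast, which usually means steps were skipped.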