'The Year That Software Bugs Ate the World'

FastCompany's harrymcc writes: It's not like there's ever a year that isn't rife with stories about buggy software. But 2017 seems to have had an unusually rich supply of software flaws that fouled up major products -- from Twitter to iOS 11 to the Google Pixel 2 -- in ways that were very noticeable and sometimes even funny. Sample this: A nagging flaw in Google's Play Services software for Android causes Gmail to demand access to "body sensors" before it will let users send email. Android Police's Artem Russakovskii discovers that his Mini is recording audio 24/7 and storing it on Google's servers. I rounded up a bunch of them over at Fast Company.

We need to go back to basics

Programming in traditional programming languages instead of the latest fad language and framework. And develop in our own countries instead of outsourcing it.

Re:We need to go back to basics

[CastrTroy]

What we really need are programmers who actually know what they are doing. The problem is that there really aren't enough programmers out there to get all the development projects done by knowledgeable programmers. It doesn't matter how much you pay them, the programmers simply don't exist.

I think that the latest fad language and framework is actually just a symptom of the underlying problem. With a good enough tool set, you can fake your way through it for the most part and make it look like the system works from the outside. But you eventually hit a wall where the framework can't make up for the lack of skill of the developers, and this is where you run into problems.

Re:We need to go back to basics

I've seen cross-platform applications for desktop and Android. They require no less than four different programming languages to get a single application running; Java for the interface to the hardware; Android SDK and NDK along with various other tools for debugging (adb) and package creation, Qt with QML (Q Markup Language) along with QSG (Qt SceneGraph API), Qt Quick (Another Qt API), OpenGL ES (an API for 3D rendering).

In olden days, a programmer just needed to learn X-windows/Motif/OpenGL or Win32/MFC/DirectX/OpenGL to get applications written.

Re:We need to go back to basics

[chill]

Why would they do that? They'll just address it in the next sprint! If you're agile enough, that is. Just add those bugs to the backlog! We've got features to ship!

Re:We need to go back to basics

It doesn't matter how much you pay them, the programmers simply don't exist

Sure they do. It's just that managing software developers pays better than being a software developer, so a lot of potential developers never even consider becoming developers. They exist, but have better paying jobs.

Yes, I am being facetious, but software development, at least when you're not working for the "big four", is grossly underpaid. The more software exists, the more obvious it will become that we're building up massive technological debt.

Re:We need to go back to basics

[jellomizer]

Language, Country or origin, and even skill to a degree doesn't really affect the quality of the software. It is management who wants the product done ASAP, setups Rigorous time lines, loosely gathered specifications, and sells the product to the market, before any single feature is tested.

In a lot of of our software, I wonder how much proof of concept code is out there without being fully fleshed out, because it technically works, however the details to prevent it from breaking and access via ways that it shouldn't be, never got allowed to test and implemented because it needed to go out the door.

Re:We need to go back to basics

At the beginning of a project, it doesn't make sense to invest a lot of development effort into a comprehensive, secure, bug-free, scalable, and robust foundation. Doing so costs a fortune and your business flops before it is finished. And anyway the market hasn't tested your offering yet so you don't know if it is going to live long enough to need a foundation that is that advanced.

During the mid-life of the project the need for a better foundation starts coming up, but it still doesn't make sense to spring for it because the application-wide refactor will be harmfully impactful to existing clients, and (more importantly) it doesn't sell anything in the short-term. Even though it will save a lot in the long-term, that savings just can't compete with the money that is sitting on the table if you just add a few more features instead.

Yes, there are bugs that clients feel, but they aren't bad enough for the clients to abandon the project, and even the clients would rather pay for new features than fixing bugs they are already working-around.

At the end of the project it obviously doesn't make sense to put the solid foundation in, nor to fix the majority of the longstanding bugs, because it won't be around long enough to capture any profit from that bandwidth.

Re:We need to go back to basics

[Aighearach]

My favorite bug of the year was the bluetooth one that caused a bunch of idiots to whine and cry that "everybody" was remotely rooted, while in reality RHEL/Centos users were only every exposed to a DoS bug. (box would crash instead of being exploited because RH turned on the bt memory protections already available in the kernel)

Re:We need to go back to basics

[Aighearach]

The problem is that there really aren't enough programmers out there to get all the development projects done by knowledgeable programmers.

This isn't actually true, though. In the late 90s when it was really true, the market responded, pay went up, and job availability went up too. The situation now is that pay isn't going up significantly, and jobs remain "open" forever without any attempt to hire whoever the most qualified person who applied was. You might 1000 applicants, and the "job" remains "open" and the work later gets outsourced.

If there was a real shortage, hiring would instantly increase!

Re:We need to go back to basics

[Aighearach]

Language affects software quality a lot, because ultimately software quality is determined by the user based on how well their use case is served. Understanding the use case is a very human, language-and-communication type of problem. Even poorly written software can eventually be bugfixed to quality, if the management understands the use case and continues to apply resources.

Language differences don't prevent that, but it does make understanding use cases harder, so the average maximal result will be lower quality.

Re:We need to go back to basics

I'm a competent programmer. The pay fucking sucks. So, as you might guess, being competent and all, I do something (product strategy) else when I'd probably prefer programming (because it pays better).

Re: We need to go back to basics

I count Java and C++ in your example. What are the other two languages?

Re:We need to go back to basics

[Hognoxious]

Hey, you said Qt twice!

Re:We need to go back to basics

[Hognoxious]

It's just that managing software developers pays better than being a software developer

Thing is, the people managing software developers don't know what they're doing either.

Re:We need to go back to basics

[Hognoxious]

You're using "language" like {English,French}.

GP is using it like {Java,C++}.

Re:We need to go back to basics

I'm a competent programmer who'd rather be programming even if it only guaranteed a somewhat comfortable existence. I now service networks and repair computers freelance instead because finding a programming job that isn't rife with political eggshell-walking and lazy co-workers that are never held accountable seems impossible. I've been flown out to interviews and felt that I interviewed fairly well and shot down for various reasons I'm fairly sure I picked out by scanning the office with my eyes for a few seconds and observing the environment and mannerisms of the people carefully. I'm a white male so I'm not talking about racist/sexist type stuff, I'm talking about various other forms of snobbery and fear of "others." One particular office I was in was full of skinny bearded guys everywhere and I am not skinny and wasn't beardy that day. I'm sure I "wasn't a good fit for the corporate culture" or some other nonesuch. And that's how you pass over good candidates!

Re:We need to go back to basics

[AmiMoJo]

The idea of frameworks and new super high level languages is to make it so people don't have to understand the hard stuff to write good software.

Even the best programmers struggle to write crypto, for example. Most people would be crazy to write their own, better to use a well tested library.

We need to make better frameworks.

Re: We need to go back to basics

But, but, agile

Re:We need to go back to basics

At the beginning of a project, it doesn't make sense to invest a lot of development effort into a comprehensive, secure, bug-free, scalable, and robust foundation. Doing so costs a fortune and your business flops before it is finished. And anyway the market hasn't tested your offering yet so you don't know if it is going to live long enough to need a foundation that is that advanced.

During the mid-life of the project the need for a better foundation starts coming up, but it still doesn't make sense to spring for it because the application-wide refactor will be harmfully impactful to existing clients, and (more importantly) it doesn't sell anything in the short-term. Even though it will save a lot in the long-term, that savings just can't compete with the money that is sitting on the table if you just add a few more features instead.

Yes, there are bugs that clients feel, but they aren't bad enough for the clients to abandon the project, and even the clients would rather pay for new features than fixing bugs they are already working-around.

At the end of the project it obviously doesn't make sense to put the solid foundation in, nor to fix the majority of the longstanding bugs, because it won't be around long enough to capture any profit from that bandwidth.

Yeah, I call BS on that line of reasoning; most companies aren't in a startup phase and most dev isn't on brand-new products.

The real problem are rockstar devs who are politically aware enough to get placed as head on a new product development, then take every fucking shortcut in the book, cut every corner they come across, "release" something that only works when the happy path is taken and use the excuses you listed up there.

Seriously, I'm now in the middle of enhancing a complex set of applications that has only global variables, with all the applications being copied-n-pasted from each other, because anytime a new site needed to come online the dev copied the existing code into a new directory and changed the logic to match the requirements.

So all the code is mostly the same, with tiny (but subtle) undocumented changes between them. The dev who crapped out this abomination is considered a superstar who must not be questioned (seriously, I got into trouble for asking "why was this crc code copied, then changed for the new program and not refactored into a function used by all the programs?").

The "rockstar" (god I hate that term) then uses the goodwill from the "early delivery" to head up another new product development, thus repeating the cycle. The mess left behind has to be constantly maintained because a) It's only half functional anyway, and b) No error-checking is performed in any of the code, so a missing file somewhere causes a segfault because the return from fopen is not checked. All these "bugs" becomes the maintainer's fault.

Add into the mix a gaslighting manager who trivialises every task because "you only have to copy the code and change a few variables to make the new program, at most a few hours!" (yes, he actually said this) who would also tell you with a straight face that refactoring the code (not all of it, just the bits I'm working on) is a bad practice because it's easier to simply copy the existing files over and change as needed (and then changes his mind when I do that, and says "well why did you copy that existing code - the logic is supposed to be different").

Honestly, I'm in hell here - if jobs were really as numerous as poster above said I'd have moved on by now. I'm continuously stressed because any change I make is taken as evidence that I don't know what I am doing. If my area was a tech hub I'd honestly just leave and start looking.

I've been developing now for 20 years, in a variety of different languages and tech-stacks. I've got an MSc, started on a PhD some time back and stopped and have a few publications in peer-reviewed literature, and yet I get dressed-do

Re: We need to go back to basics

[kurkosdr]

Maybe stop worrying and give the company what they deserve? Aka keep the existing mess half-functional and don't refactor or re-architect anything, while looking for a job in a company with proper procedures in place and which doesn't act like a start-up.

Re:We need to go back to basics

[TheRaven64]

I don't know about the other platforms, but when I look at the list of things on the security advisories issued for macOS they are pretty much entirely C/C++ code. None of this is latest fad language or framework, it's simply a function of complexity. I remember some old research from IBM that claimed that programmers produced five lines of bug-free code per day, independent of language. The difference now is that there are so many complex interconnected parts in a modern system that the probability of a bug being an exploitable security vulnerability is much, much higher.

Re:We need to go back to basics

I doubt programmers at Apple and Google knows what they are doing. The issue is that software gets exponentially more sophisticated and advanced with time. And bigger. And in higher demand. It would be amazing if bugs were not present.

Re: We need to go back to basics

[Zero__Kelvin]

So when you look at a codebase written almost entirely in C and C++ most of the bugs are in C and C++? Say it isn't so!

99 bugs in the code....

[Computershack]

99 bugs in the code to be fixed, 99 bugs in the code. Fix a bug, wrap it up, 148 bugs in the code...

Re:99 bugs in the code....

[hackwrench]

Not if you are writing a Langolier.

Re:99 bugs in the code....

[DontBeAMoran]

148 bugs in the code to be fixed, 148 bugs in the code. Fix a bug, wrap it up, 835 bugs in the code...

Re:99 bugs in the code....

It's the stupidest hyperbole of the century!

Re:99 bugs in the code....

I think I like:

99 bugs in the code,
99 bugs in the code,
You take one down, patch it around,
148 bugs in the code!

Re:99 bugs in the code....

[sysrammer]

99 bugs in the code to be fixed, 99 bugs in the code. Fix a bug, wrap it up, 148 bugs in the code...

Pretty much :)

Is there any field of human endeavour that suffers from so many unintended consequences, besides politics?

Re:99 bugs in the code....

[someoneOtherThanMe]

Sex?

Re:99 bugs in the code....

No thanks, not today. I have a headache from all those software bugs.

Will have to get worse before it gets better

[gweihir]

The average person still does not care at all. Hence software can still get worse and even cheaper to make before it starts to cut into profits. And it will.

Re:Will have to get worse before it gets better

And they never will.

As long a pressing button A gets them cool B, then they don't care what happened behind the scenes.

We still have human trafficking and slavery. We humans are our own problem and the desire to rule and be ruled over eternally sets the stage.

Re:Will have to get worse before it gets better

We humans are our own problem and the desire to rule and be ruled over eternally sets the stage.

dude I'm a huge fan of your writing
loved your work on the soul caliber series

Re:Will have to get worse before it gets better

Somehow we went from software bugs, to consumer desire for a product, to slavery.

I mean you nerds are intelligent, but you definitely don't see the world as it really is. You truly live in a virtual world afraid of your own shadows. Time to get outside and actually talk to people instead of absorbing bullshit online 24/7.

Re:Will have to get worse before it gets better

[antdude]

Yep, companies too. They even care not about QA. MS axed its QA department years ago. I'm still unemployed after a year. :(

Re:Will have to get worse before it gets better

[hcs_$reboot]

This is the real problem. People got used to that bad software service.

Re:Will have to get worse before it gets better

[gweihir]

Indeed, it is. People perceive pathetically bad quality as "normal".

Re: Will have to get worse before it gets better

Go back to Reddit, you're not welcome here.

Re:Will have to get worse before it gets better

[TheRaven64]

Partly. Software engineering is a very young discipline and we still don't really know how to make good software. We know a few things that are pretty much guaranteed to make terrible software, but the closest thing to a process that produces bug-free software is that used by the seL4 team, which is estimated to cost around 30 times as much as a conventional process with a very good set of automated tests.

Re:Will have to get worse before it gets better

[TheRaven64]

Ooops, hit submit without thinking.

The second problem is the lack of knowledge in consumers. Given two pieces of software that fill the same function, do you have any mechanism to say which one is likely to be more secure? Creating good metrics for evaluating software security is an open research question in cybersecurity. When we don't even have research that can do the comparisons usefully, expecting consumers to make informed decisions with no information seems a bit of a stretch.

Re: Will have to get worse before it gets better

[Zero__Kelvin]

Bullshit. The competent among us know how to produce GREAT software. The real problem is that very few people have what it takes to do it but a pervasive meme that anyone can do it has resulted in a situation where 90% of the people getting paid to develop software shouldn't be in the field at all.

Re: Will have to get worse before it gets better

[TheRaven64]

The competent among us know how to produce GREAT software

Care to share your secret? What do you do when working on large (10 million or more lines of code) codebases that ensures that there are no security-related bugs?

Re: Will have to get worse before it gets better

[Zero__Kelvin]

Nobody said that, and if you know anything about complexity you know that can't be done. It isn't even a software (only) problem. Take for example prisons. Despite all the effort making them secure, including outrageous spending on full time guards and other personnel people escape. Security isn't a product it is a product it is a process; humans will always be the weakest link.

Re: Will have to get worse before it gets better

[Zero__Kelvin]

It's a process*

Google is becoming a real problem

Lately, I've been seeing "untrusted site" warning dialogs in GMail for sites I know are okay (mine, for instance). This kind of inappropriate linking interference is harmful to the web at large. There are billions of perfectly trustable links to billions of web pages out there. Google's going to confuse a lot of people about what is "okay" vs. what is "not okay" as they're getting the determination outright wrong. As far as I'm concerned they have no business making the determination in the first place, but since they can't even do it right, they should really GTFO.

Re:Google is becoming a real problem

Maybe you just don't know that your site has been pwned, and Google does.

Re: Google is becoming a real problem

[Zero__Kelvin]

Nope. If I go to my site via HTTPS it says everything is great but if I go to the HTTP link which mod_redirects to the secure link it says my site is insecure.

Apply the razor

[arth1]

The examples listed are not necessarily bugs, even if they are named so when they're found out.

Never attribute to malice that which can be explained by stupidity. But then again, never attribute to stupidity that which can be explained by corporate greed.

Re:Apply the razor

[Aighearach]

explained by corporate greed.

There is no such thing as corporate greed; all greed is personal when you look under the hood.

I Blame Connectivity

[nwaack]

I think a major contributor to all these bugs is that every. single. thing. has to be connected to every. other. thing. My computer has to talk to my phone which has to talk to my watch which has to talk to my refrigerator which has to talk to my toaster. All that connectivity makes software waaay more complicated that it needs to be. Now throw in some corporate greed where software design goes to the lowest bidder and you get what we have today.

Re: I Blame Connectivity

Connectivity is not the problem. I can reach millions of web servers, that doesn't make the browser more complex.

Stuppid programmers who cannot be bothered wit std.protocols and just have to do their own thing. Stuppid corporations who ship with minimal testing and no budget for fixes.

Fortunately, there is a cure in the form of open source. Stuff that works in a no nonsense way - and bugs get fixed even if it is a single report only.

The important thing is to not use whats broken. Uninstall clunky apps, don't let them have the ad income.

Re: I Blame Connectivity

Fortunately, there is a cure in the form of open source. Stuff that works in a no nonsense way - and bugs get fixed even if it is a single report only.

Lol. Nice trolling troll.

Re: I Blame Connectivity

[DontBeAMoran]

How about stupid people who can't even spell stupid?

Re: I Blame Connectivity

moran

Re: I Blame Connectivity

OK Google. Spell stupid.

Re: I Blame Connectivity

[denis.goddard]

Oh God this. And this is why I will never buy IoT appliances while "dumb" ones are an option. And why I will never spend one penny on the monstrosity IOTA

Re:I Blame Connectivity

[hcs_$reboot]

I think a major contributor to all these bugs is

Apple.

Re: I Blame Connectivity

[TheRaven64]

Connectivity is not the problem. I can reach millions of web servers, that doesn't make the browser more complex.

It does. A modern browser splits itself into multiple processes and runs most of them with very little privilege precisely because of this. Out of those millions of web servers, the probability of at least one of them trying to attack the browser is approximately one. Browser writers know this and so have multiple layers of defence. They know that in the (roughly) 30 million lines of code in a typical browser, at least some of them will contain security vulnerabilities and so they try very hard to ensure that when (not if) a renderer process is compromised, there isn't much that the attacker can do with it. This doesn't always work: for example, someone compromising your gmail tab with a malicious image that exploits a libpng arbitrary code execution vulnerability can still log into the Play Store and replace your Internet banking app with a trojaned version.

If web browsers didn't need to exist in such a hostile environment, they'd be a lot simpler. Unfortunately, most IoT devices exist in a similarly hostile environment, yet don't add the complexity required to deal with it. Many of them use simple cores that don't even support process-style isolation of components.

More software, more bugs

Next year: Even more software, even more bugs.

Consoles

So many consoles/handhelds were hacked this year? Off-hand, 3DS went from very hackable to complete hackable (with a magnet and a ds flash cart), Vita went from hackable to on-boot hackable (3.60 firmware), PS3 went much more hackable (nearl latest firmware), Switch went hackable (up to version 3.0?). Some PS4 and XBox One news.

At this point, what consoles can't play backups or can be are uncommon enough to not be viable? How many of those are softmodable? Seems that the need for mod chips has dropped substantially.

shorter development time,...

[Selur]

I would go with shorter development time, nowadays less and less testing is done before a release,..
"Beta testing? BAhhhhh,... that is what users are for."
with that and your boss telling you to release now since he had a quick look and didn't see any problem,... (after a 5min glance)

Not going away anywhere soon with AI

[yaznaz]

Formal validations of software using math is already difficult and will be more so when applied to AI domain. Just the definition of what constitutes correctness is a challenge in such systems.
The demarcation between traditional programming bugs vs undesirable outcome due to flawed learning blurs as software complexity increases. Subtle biases or other instabilities can be introduced that influence cognition and it will be nearly impossible to trace.
If the app misbehaves, trying to trace and attribute it a segment of code may soon be a thing of past. So, 2017 as 'The Year That Software Bugs Ate the World' is probably just the precursor of a future where good enough is the new norm.

Re: Not going away anywhere soon with AI

[Zero__Kelvin]

You can't prove it correct due to Godel Incompleteness; You can only increase assurance. That's why it is called Software Quality Assurance, not Ensurance.

Is it really the year of the bugs?

[jellomizer]

I mean I remember the "Good Old Days" where the system would crash when you look at it wrong, or typed too fast. SQL Injection errors were common...

These bugs that came out this year, while bugs, is a far cry to the risk of trying to use a computer during the 1990's or before.
I haven't seen a BSOD (or its equivalent) in nearly a decade now. These glitches that we get today, while some are serious, they are rather small in the big picture.

Re:Is it really the year of the bugs?

[mccalli]

Unfortunately, handling ''typed too fast' actually was one of the iOS 11 bugs...

Re:Is it really the year of the bugs?

[OffaMyLawn]

The BSOD on W10 seems to be a big frowning emoji attempt. Which took me a minute to realize what I was looking at the first time I saw it.

Re:Is it really the year of the bugs?

[jellomizer]

Yes, an animation error. Vs crashing or locking up a system.

2017 also known as

[hey!]

the year the frog noticed the water was getting kind of hot.

Re:2017 also known as

[Aighearach]

Doubtful, since most people know that the frog thing was just some bullshit some asshole made up and not a real effect.

The reality is that frogs in heated water have nowhere to escape. That's the whole story. Give them a chance to escape, and they will; they do understand the problem, and all evidence confirms that. There was never any reason given for believing the cliche; it is just a sort of IQ test; people who are credulous to the point of mental disability will believe it, and everything else they hear, and people who check for why they think it is true will quickly come up empty and see there was never any reason to believe it even presented.

Re:2017 also known as

[hey!]

Myths are supposed to be truthful, not factual.

Too many moving parts

[cheesyweasel]

Have you taken the time to consider how many libraries are used in the average project? Most of those are open source projects, continually updating and relying on other libraries from other projects. Like coding inception.. a bug or change inside of a library, inside of a library, inside of a library inside of a program that messes everything up. Vigorous testing is the only hope.

Re:Too many moving parts

To make matters worse, it's all about unit testing. Unit testing, unit testing, unit testing! Units pass, ship it! All your calls to libraries are mocked out. When the library changes, your unit tests don't catch it.

Re:Too many moving parts

[cheesyweasel]

Exactly. How are you meant to test for everything? Continuous delivery or continuous failure?

It's because of the push back against testing

There seems to be a bit of a push these days towards not having traditional testers and removing that skillset from the SDLC is what's causing it. Partly due to the Agile/cross functional methodologies as well as CI/CD which encourages the mind set that we can just fix things quickly when things go wrong.

The idea that automation can solve all your testing needs is also becoming more prevalent, an idea often pushed by developers since they understand the programming side of it but not necessarily the testing side. It is something I see often as a professional tester/automation engineer, the idea that the developers can write all the tests. No, testing is a different mindset - developing is problem solving, testing is problem finding.

My last contract ended early when the company decided they didn't need a traditional tester at all, apparently in their minds anyone could do it, despite all my trying to show them otherwise. We started doing automation, the devs would take that over, and people like the sales people and founder would do the app testing. Yeah, right.

The mentality is summed up in idiotic posts like this Software Testing – Is It Time To Fire Your QA Team?

People use examples like Facebook and Yahoo, who both say they have no testers, as examples to be emulated without realising not all software is created equal and the need for quality on a mission critical piece of software is somewhat different to totally non critical software like Facebook.

Re:It's because of the push back against testing

[Bomarc]

You hit it. (Also I didn't see any previous post saying this). Irony ... Facebook, Yahoo (and eBay) ... all have software quality that SUCKS. They all release broken code - many times. (FB: open a video to a 'new' style window; the video doesn't play, the "back" arrow takes you back to the top of the list, you've lost your place; Yahoo: I've all but abandon it due to bad quality. eBay: New features in "rating" have grammatical errors/issue; and BAD (wrong) information -- all of these I have (attempted) to report to the companies many times. None of the companies have a meaningful feedback mechanism. For all of them -- their quality SUCKS. They are big enough that; who else are you going to go to?
For me; it is - when I see the video bug, stop scrolling down. For Yahoo, I've almost abandon it. For eBay -- don't leave any feedback -- and I'm cutting back. The thing is that these are people {managers} have no clue about quality or testing. The suggestion of ''Let's have developers test their on code'' is insane. Time and time again, developers can't write bug free code; and are unable to properly test. Why should they? They will be paid to fix it on the next release! (Which they never do). I've reviewed developers written automation. One test case - did nothing (and reported that it was successful). A group of test cases (about 40%) passed with the server "down". None of the automated test cases (written by dev's) gave any rational as what they were doing, or the goals of the test case. Were they testing the GUI function, the server function, the ability to get the job done ... ? (No documentation... I have NEVER seen a dev write a test case that made sense by reading it). Yes, they (frequently) write great code. But you need a tester behind it writing test cases; both manual and automated.

From the /. article "How Can I Make Testing Software More Stimulating"; the best response, worth reading and keeping: You can't, so don't try

Re: It's because of the push back against testing

[Reverend+Green]

My company has no QA testers, no spec to test against, no leadership motivation to get either of those things, and no financial resources to spend on them even if there was desire. We do have some unit tests but they are not a priority. As you might imagine, the quality of the end product is less than stellar.

Yet despite some serious usability issues tons of people use the system. That's considered validation of the business model. :)

Fast Company

[Hognoxious]

Fast Company - for those who find The Verge too technical.

You get what you pay for

After years of down costing, outsourcing, and hiring clueless H1 Bs this is the inevitable result.

Re: You get what you pay for

[Reverend+Green]

Sometimes I talk socially with local "entrepreneurs" building various (mostly useless) applications with 100% outsourced dirt cheap labor. Often they will often tell me about some problem they're having with the software or the "coders", expecting a sympathetic ear or useful advice.

I literally laugh out loud at them. "Hahahaha - pay peanuts, get monkeys!"

The lower the inflation-adjusted pay goes in our industry, the more skilled and knowledgeable people who are going to sit back and just laugh while everything breaks.

Capability Based Security

[ka9dgx]

If we had capability based security in our systems, this kind of stuff would require the user to knowingly allow these types of activities. Until then, we're all screwed. Stop blaming everything but the OS. It's not the programmers or the users.

Re:Capability Based Security

[phantomfive]

Android is a capabiilities-based security system.

Re: Capability Based Security

[Zero__Kelvin]

Who do you suppose will create this magical OS that doesn't allow bugs and isn't written by programmers?

Yeah. Build the house from the roof down.

When will you suckers realize that a solid, well engineered foundation is the key to every successful construction project???

You "strengthen-it-later" types are why we can't have nice things; you merely sit back in your rubble, and smugly proclaim to be the great first-mover innovators.

Re:Yeah. Build the house from the roof down.

[Rakarra]

When will you suckers realize that a solid, well engineered foundation is the key to every successful construction project???

That's great, except plenty of these programs/apps/what-have-you are made by startups. Startups have to show immediate RESULTS when it comes time for the second round of funding or else there won't be a second round. They have to build the application first, then fill in features and fix bugs.

Re: Yeah. Build the house from the roof down.

Hate to break it to you... but most software is not written by startups. Those companies shouldn't copy the methods of a startup because THEY AREN'T ONE and it is counterproductive to act like one.

Re: Yeah. Build the house from the roof down.

[Zero__Kelvin]

Yes, because startups are a new invention. There were no startups until incompetent idiots with beliefs like yours came along.

Two Bytes to $951M ..

[najajomo]

"2017 seems to have had an unusually rich supply of software flaws that fouled up major products -- from Twitter to iOS 11 to the Google Pixel 2 .. Google's Play Services software for Android ..

Something missing from that story, just on the tip of my tongue, is it any wonder this has become known as the Microsoft Slashdot.

Two Bytes to $951M

Re: Not all of them are bugs

[Reverend+Green]

Yup. Both of the Google "bugs" sure do look a lot like features. User-hostile features, sure, but planned intentional features all the same.

Google is always watching. (And listening, too, it seems.)

Stop Google now before it's too late.

Liars passing off intentional decisions as 'bugs'.

Liars passing off intentional decisions as 'bugs'.

Agile was made to reduce craftsmen. It's cheaper.

Agile was made to reduce craftsmen. It's cheaper.

The industry is reaping what it sows.