Slashdot Mirror


Software Regulatory Body?

Barbarian writes "This article at 3D Action Planet discusses the possibility of a Software regulatory body, with the power to impose fines on companies which release crashware. Although the article ignores Open Source, it is insightful in its assessment of commercial software. The article pertains towards games, but it is intended to apply to the Software industry in general." My only question: Much like the UN, where does the real power come from; how do the fines stick, and actually get paid?

16 of 108 comments

  1. Re:Why not simply demand a refund? by Zack · · Score: 3
    The problem with demanding a refund is that lots of commercial software packages come with an EULA. The "agreement" usually states something like:

    You the user assume all responsibilities in the installation and running the program. You can't hold us liable for anything. If it doesn't run, tough poopie. That's the way it works. Don't come crying to us about it. We really don't care about you at all. Just give us your money, and if we get enough complaints we'll release a "service pack" for $50 in a few months.
    Maybe I exaggerate... So this leaves most consumers unable to get a refund for any piece of software because the producers make you agree to not ask for one when you try to install the product (or open the bag, or whatever).

    What recourse does this leave the average consumer? There is no one to hold liable for broken software. Wait, wasn't that why companies don't want to use free software? Oh....

  2. Games are a bad example by Maryck · · Score: 3

    The problem with this argument is that it centers around the structure of the game industry as an example, and to be honest, I don't think the game industry needs to be regulated. Much as it is irritating when a game is buggy or doesn't live up to the hype, that is not a good reason to start fining the publisher. As a gamer, you have a choice if and when to buy a game. If you are the type who has to get a game the day it comes out the door, then you should also realize that you are taking a risk. You always have the option to wait a few weeks for reviews to come in or for sufficient patches to come out. If that never happens, then don't buy the game. Like the writer said, if you buy a Ford that never runs, you'll never buy another Ford and you'll tell others not to buy one either. That's what a free market economy is all about. It's also important to note that you are not always stuck with a buggy game. Some companies (such as Sierra Online) have 30 day return guarantees, so that if you truly can't stand the game, then you can return it. And perhaps most importantly, the worst thing that will usually happen if a game doesn't work is that you lose $50 or so. No significant time is lost, and except in the most extreme cases, your computer is not harmed.

  3. Good Idea, possibly. Has anyone read The Republic? by Chacham · · Score: 4
    You know, the one written by Plato about a discussion that Socrates had. Wonderful and fantastic ideas. However, when it got right down to deciding how life would be better for the individual, regulating the public was the method.

    While this may be a completely political argument, I think that regulation always is. And I'll tell you straight out, I, for one, am against it.

    Regulating others so you gain is a very lazy way of getting things done. The point of the article was that by regulating the industries, we will gain. Is this really a good argument? Why don't we force all companies to hire at least one homeless person a year. That would be a wonderful idea too. A small price for them, and it will help society at large. Great idea, right?

    You cannot start forcing others to do what you want. That's a socialist agenda in a free society. A contradiction to itself.

    Enough of that. Now, let us imagine that such a regulatory commission came into place, and had such authority as would be needed. Now a company has some really fantastic software, but does not have the resources to test it properly, or even ensure it, due to how large it is. For example, let us imagine that a start-up company comes out with this radically new operating system, that millions of people are dying to get their hands on. However, due to the complexity of the system, and the lack of a world-wide testing base, the company does not have the funds to back it up. So they decide that due to the demand they'll release it as "not suitable for any purpose" and hopefully fix it as they get reports and a cash flow. Would a regulatory committee be helpful here?

    Such a committee could not have one test for all software to pass. It is a very large industry. In fact, each piece of specialized software would have to have its very own specialized test. So who decides what the test is and what it needs to pass? Will a company be able to distribute beta software? Who's to stop companies from charging for beta software and never making a "final" release?

    I think a completely different approach must be taken. That is, if it is you that want this committee then it is you that must form it. And the companies do not have to join unless they want to. Or have something similar to Consumer's Reports magazine. Just create a group that will buy and test software for those who care to read the magazine. This way, supply and demand would run the show, not some frustrated individual who wants to force his own ideas upon others.

  4. Unworkable by Erik+Corry · · Score: 4
    An alternative might be to somehow dictate open API, protocols and file formats. That way, people would choose software on the basis of performance, price and stability, rather than on the basis of being locked into compatibility with their own data, other users or certain hardware. Instead of interfering with the mechanisms of free competition, you remove some of the monopolistic forces that are preventing them from working.

    Enforcing this sort of thing by law is difficult. In the past some progress has been made by putting requirements in bidding conditions for government sales. This is why almost every OS under the sun has a Posix compatibility layer. Not that the NT layer is much use. You can't use it at the same time as the normal API and if you want to be secure you have to remove it.

    (Btw. this seminar, which I saw on the Heise newsticker has a few other pearls, like the fact that most firewalls can't tell the difference between a virus and a Windows NT service pack. Nor can I :-)

  5. Whose bug is it anyway? by Hoss · · Score: 4

    When my company releases a new version of our software, it inevitably has some problems in it, due to (a)our customers demanding new features fast and (b)limited testing resources. We do take responsibility for all bugs that *we* introduce, naturally, and fix them ASAP.

    However.

    Sometimes M$ will release a new version of DirectX which causes our application to stop working (pretty much every release has done this). Whose bug is this? Is it M$'s bug? As much as I'd like to blame them, they *do* have the right to change the API. And generally, newer versions of DX have sucked less than the previous versions. Is it ours? Our code was 100% compliant with DX(n-1).

    This is the kind of situation that bothers me the most, quite frankly. Our software runs right, but because the user has changed/has never upgraded/is experimenting with/has poured water on their computer, our software ceases to function. We work to fix these bugs, but I refuse to believe that some *fine* of some kind would help. Better customer communication is all it really takes...

  6. Aren't his examples illegal already? by el_nino · · Score: 3

    I don't know much about US law, being Swedish, but if a company advertises features that a product hasn't got then that's illegal in Sweden. It's called false marketing. Surely you must have similar laws over there. There's a lawsuit in the US against Origin re: Ultima Online promising without delivering, was that something similar?
    /El Niño

  7. Re:Lame regulations by mbonet · · Score: 3

    You're completely off.

    POSIX and TCP/IP are standards; they say nothing of the software process and the ensured higher quality one gets from adhering to it (i.e. I can write a completely POSIX compliant OS that still has a large number of bugs/KLOC (KLOC == 1000 Lines of Code)). The same applies to TCP/IP and all of the other protocols you've used as an example.

    I disagree; we do need a higher entry level barrier. It would discourage those that are not ready to develop software even though they may think they are. Writing Visual Basic does not a programmer make; however, a made programmer can write Visual Basic.

    If what you mean by small developer is those not yet quite capable then it should be made difficult if not impossible (You go try and practice Civil Engineering without a License). They are definitely not ready to be responsible for the delivery of quality software. If by small you mean a small number then your argument is wrong. 5 to 10 highly qualified software engineers whose organization is rated at CMM LEVEL 4 could blow away in terms of quality any CMM LEVEL 1 organization.

    If the argument is for higher quality software ( i.e. Zero Defects) then the solution is in the process and its management.

    Why don't you pick up Managing the Software Process or A Discipline for Software Engineering by Watts Humphrey. After all he can say it a whole lot better than I, although admittedly more verbose.

    --
    "My Opinion is My Opinion and Another person has not easily a right to it" F. Nietzsche

  8. Regulation is OK, but by mbonet · · Score: 4

    be prepared to pay the higher costs associated with quality.

    Now before all of you start getting your underwear in a wad let me explain.

    The reason I think we see all of this poorly written software is two-fold.
    First although there are many developers out there few of them can grasp the complexity of the development PROCESS. This often leads to bad estimates, rushed schedules, and a chaotic process. All in all you end up with a "get it out the door" attitude, so we can keep our jobs, or in more dire situations keep our company.

    Secondly for the developers that do understand the development process life becomes increasingly difficult. Those developers have to deal with explaining to managers, customers, CEOs why it's going to cost so much money to write that piece of software. This is difficult to explain and in my experience always a losing proposition. I'll use an analogy to illustrate. Anyone involved in the Construction of a High Rise building (15 or more floors) can tell you that it is a process which involves hundreds of people (bricklayers, steel workers, earth movers, pile personnel, contractors, structural and consulting engineers). The individual contractors are all guided by the General Contractor which normally answers to the Structural or Project Engineer. The structural or Project Engineer requires the services of other specialized engineers for geotechnical advice and quality assurance. During the whole construction process the set of blueprints the Structural Engineer put together are used to complete and verify the work. During each phase of work the consulting engineers come in and verify that each contractor is fulfilling the specification given in the blueprints.
    Software design is very much like that if not almost identical, yet ask a developer about the lifecycle of the software process, the CMM, software size estimation, code reviews and you'll often get very misguided answers if you get any at all. All of the elements in the software process are engineering disciplines in and of themselves yet I meet Project Managers who have no training or knowledge in this area, even self taught.

    So if you asked a bunch of people who don't know how to create the blueprints for a high rise, to calculate the loads on the foundation and determine the proper number of piles. To determine the strength (psi) of the concrete to utilize for the slabs. To determine what amount of reinforcement steel (re-bar sizes, tie off separation, and quantity) should be placed in the load bearing sections of the wall. To calculate the loads on the structural steel, the required torque at each joint in the frame, the type of bolt (ANSI XXX), washer and nut to use. You would see a lot more buildings falling down and those that did not would be so grossly overbuilt (Empire State) that only a handful would be able to afford them. This IMHO is the current state of the software industry.

    This question of regulation goes hand in hand with professional regulation and when that happens the price of software will go up as it should. Also the cost of entry into the software field will be much steeper. When it happens I think we will all be much better off but the number of people entering the software field will be diminished significantly.

    --
    "My Opinion is My Opinion and Another person has not easily a right to it" F. Nietzsche

  9. Government Regulation by WonderClown · · Score: 3
    There are a number of problems with this, but I'll just tackle the major fault: the involvement of the government. Governments are completely incompetent at this sort of thing. When was the last time the U.S. government made a good decision regarding technology? Do you really want them regulating software?

    I could go on and on about the evils of government regulation, but I won't. Suffice it to say that it's appropriate in only a few very limited circumstances, and this is definitely not one of them. What is needed here, if anything, is a consumer organization, or perhaps several of them, to give software companies and products a seal of approval. No government intervention, no official bodies. Each consumer group sets its own criteria. Each individual decides whether or not to put any faith into any particular consumer group's seal of approval. No, it's not perfect. It relies on the vigilance of the consumer. But it would be at least as effective as government regulation, and with fewer problems.

    And to be honest, I don't think anything is necessary here. I don't buy computer products, software or hardware, until I've done a little research on them. I don't buy a game on impulse because it has a flashy, cool-looking box. I buy only after reading reviews and talking to others that have played the game. This way, I never end up with crappy software. The people that do are the ones that just walk into the store and pick up the coolest-looking box. Honestly, I don't care if they get screwed, because it's their own fault. As the old saying goes, there's a sucker born every minute. There's no way to prevent suckers from getting suckered, so don't make life hard on the rest of us by trying.

  10. Agreed, government regulation = bad by Thag · · Score: 4

    I have a knee-jerk reaction against government regulation, I admit it, but I still see this being a lot more problematic than the article writer seems to think it would be.

    Firstly, how are you going to get this legislation passed? That in and of itself seems like it would require big bucks for lobbying in all the various countries. Plus, all the laws would be different if it did get passed.

    Secondly, how would you ensure that the government bureau policing software has a clue? Or that they don't develop a political agenda that they pursue above and beyond objective good science? Or that they don't just get bought off? The nasty thing about these kind of government bureaus is that after they're in place their decisions have the force of law, but they're not accountable to anyone. You can't vote them out, no matter how bad a job they do.

    Lastly, it's only reactive: the shitty games still hit the market, and the bureau only penalizes the companies after the consumer has already gotten shafted. That's IF the company is still around and in the black.

    Instead, and for a fraction of the cost, you could set up an Underwriter's Laboratory type of indie regulation agency, where they would test the stuff and if it met some criteria, give it the Sacred Fist of Judgement Seal of Decency. If it was a well-known and sought after seal, like the UL seal is for electrical appliances, it would have the desired effect: people would look for it when shopping. If enough people surfed the regulation agency's website, they might even make enough money off ads to defray some of the costs. They could also charge game companies to review their products for them, but that would only be feasible if they were already established as a standard.

    This type of system works pretty well when Sony certifies games for the playstation. It's fairly rare to even find a significant bug. Of course, Sony has a complete lock on this sales channel, because you can't put a playstation logo on the game without their okay, which an indie agency would not have.

    Anyway, these are my thoughts.

    Jon

    --
    All opinions expressed herein are my own, and not those of my employers, who are appalled.

  11. Bad regulatory committee! Bad! by Bad+Mojo · · Score: 4

    One of my largest concerns about this article is that it seems poised to force Publishers into making a certain type of software. Simple, un-complicated, SAFE software. Things that are technically close to perfect yet lacking in content and features. If you wanted to publish a fantastic piece of software, you would have to pay incredible amounts of money in making sure your coders wrote the whole thing, and they can fix everything, and that everything IS fixed. Suddenly anything as spiffy as Quake III Arena or Adobe Photoshop 5 has its price tripled. And once it's out, forget about customer feedback. They met their requirement, you purchased it, end of story. Right now software publishers and developers have some vested interest in making the customer happy. But if the regulatory committee is happy, why bother making the customer happy, right? I mean, the regulatory committee represents the customer doesn't it? I feel like a regulatory committee would drive a wedge between customer and company that doesn't need to be there.

    I have several other problems, but MAN! I have to stew on it more.

    --
    Bad Mojo
    "If you can't win by reason, go for volume." -- Calvin

  12. Taking away our rights by RedGuard · · Score: 3

    I'm dubious about the idea of a regulator to enforce software quality, if the release of every game has to be approved (or more likely is followed by lawsuits from disgruntled customers) then companies will be encouraged not to innovate or take risks. I would prefer to accept a certain proportion of rubbish games, with most weeded out by reviewers than have every one produced to the same formulas. If this becomes popular then politicians would probably be keen to use it to introduce censorship.

  13. UL model doesn't reach far enough by hanway · · Score: 3
    One reason that UL approval is ubiquitous is because it doesn't require much. Your new TV could have terrible reception and poor picture quality, but it won't short out your house wiring or go up in smoke. Similar approval for software would only insure that it could be installed and uninstalled cleanly, and that running it wouldn't corrupt your disks.


    The litmus test for any proposed regulation of consumer software quality should be SoftRAM 95. Didn't it go out with a "Designed for Windows 95" seal of approval that Microsoft subsequently yanked?


    Coincidentally, today's San Jose Mercury News reports that the software industry is campaigning for regulations which would modify the Uniform Commercial Code to codify the terms of EULA's, something that has consumer groups up in arms.

  14. Money Talks by thales · · Score: 3

    If a certain software company, with very deep pockets, gave a lot of money to the next president, and key members of congress for next year's election what would happen? How hard would they be checked out? My guess would be just a few face saving fines that they can afford. How hard would their competition be hit? Crippling fines! Want an example? Windows 9.X crashes regularly, so M$ gets a 10 million Dollar fine. M$ pays it out of petty cash. Gnome crashes sometimes. They only get a million Dollar fine. Do you think they can come up with that kind of money? How does the public react to this? You will never get past "But Microsoft was fined 10 times as much money"

    --
    Quemadmodum gladius neminem occidit, occidentis telum est

  15. An old idea, regurgitated again by anticypher · · Score: 4

    This idea has been around since the 1960's, and was a topic of hot debate in the late 70's until the mid-80's (for some reason the debate died down when microso~1 came to dominate :-)

    This is another version of putting the IEEE in charge of licensing SW engineers, or forcing warranties on SW to be the same as for any other manufactured good, etc.

    His idea of fining the publishers is not the best idea, since they will just force the developers to sign more legal BS and if they get fined pass it on to the developers or their insurers. I get hit with this occasionally, when a client requires professional liability insurance. I triple my rate to cover the costs, often $20000 to $50000 per year per project. Twice my clients didn't blink when I asked them to cover the full insurance costs.

    I think if something like this ever happens, it will be like the Underwriters Laboratories seal of approval. The UL mark started as a voluntary thing in the electrical industry, because appliance makers often turned out badly designed products which electrocuted people, burned down houses, or just died after a week's use. Soon retailers would only offer for sale UL marked appliances. But now UL approval is required by law before you can market or sell any electrical item in the US. The approval process ensured so much quality, that lawmakers were able to hold it up and point to it as a minimum standard.

    So beware of this process. A few years ago I would have said it would be inevitable, but with the Free Software/Open Source movements, the point becomes a bit moot. Any software which remains closed or patented may soon find itself regulated by a 'voluntary' certification body.

    I think he uses the word 'scary' a little too much in this OpEd piece. It's not that scary to anyone in the FS/OS world, in that you have to have some accountability at some point along the way. FS/OS people can move the accountability from place to place, if the original writer didn't do a good enough job, then the end user can take on the job to fix it, if it is truly important. Closed source products have to disclaim all accountability at all points, since the ability to fix a problem rests with whoever has access to the source.

    --
    Hemos is like...sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on

  16. Unforeseen MS-HTML in links by Tom+Christiansen · · Score: 4
    I tried to read the article linked to, but that's hard to do when the article isn't even in HTML, but rather was written using MS-HTML. This is that annoying thing that makes "?" show up all over your screen as illegal characters are encountered.

    Perhaps in much the same way as /. warns about registration required when pointing at the New York Times, it might also be useful if you would include a warning when Microsoft is required for proper viewing of a page you link to.