Software Regulatory Body?

Barbarian writes "This article at 3D Action Planet discusses the possibility of a Software regulatory body, with the power to impose fines on companies which release crashware. Although the article ignores Open Source, it is insightful in it's assesment of commercial software. The article pertains towards games, but it is intended to apply to the Software industry in general. " My only question: Much like the UN, where does the real power come from; how do the fines stick, and actually get paid?

Good Idea, possibly. Has anyone read The Republic?

[Chacham]

You know, the one written by Plato about a discussion that Socrates had. Wonderful and fantastic ideas. However, when it got right down to deciding how life would be better for the individual, regulating the public was the method.

While this may be a completely political argument, I think that regulation always is. And I'll tell you straight out, I, for one, am against it.

Regulating others so you gain is a very lazy way of getting things done. The point of the article was that by regulating the industries, we will gain. Is this really a good argument? Why don't we force all companies to hire at least one homeless person a year. That would be a wonderful idea too. A small price for them, and it will help society at large. Great idea, right?

You cannot start forcing others to do what you want. That's a socialist agenda in a free society. A contradiction to itself.

Enough of that. Now, let us imagine that such a regulatory commision came into place, and had such authority as would be needed. Now a company has some really fantastic software, but does not have the resources to test it properly, or even ensure it, due to how large it is. For example, let us imagine that a start-up company comes out with this radically new operating system, that millions of people are dying to get their hands on. However, due to the complexity of the system, and the lack of a world-wide testing base, the company does not have the funds to back it up. So they decide that due to the demand they'll release it as "not suitable for any purpose" and hopefully fix it as they get reports and a cash flow. Would a regulatory committee be helpful here?

Such a comittee could not have one test for all software to pass. It is a very large industry. In fact, each piece of specialized software would have to have its very own specialized test. So who decides what the test is and what it needs to pass? Will a company be able to distribute beta software? Whose to stop companies from charging for beta software and never making a "final" release?

I think a completely different approach must be taken. That is, if it is you that want this committee then it is you that must form it. And the companies do not have to join unless they want to. Or have something similar Consumer's Reports magazine. Just create a group that will buy and test software for those who care to read the magazine. This way, supply and demand would run the show, not some frustrated individual who wants to force his own ideas upon others.

Unworkable

[Erik+Corry]

An alternative might be to somehow dictate open API, protocols and file formats. That way, people would choose software on the basis of performance, price and stability, rather than on the basis of being locked into compatibility with their own data, other users or certain hardware. Instead of interfering with the mechanisms of free competition, you remove some of the monopolistic forces that are preventing them from working.

Enforcing this sort of thing by law is difficult. In the past some progress has been made by putting requirements in bidding conditions for government sales. This is why almost every OS under the sun has a Posix compatibility layer. Not that the NT layer is much use. You can't use it at the same time as the normal API and if you want to be secure you have to remove it.

(Btw. this seminar, which I saw on the Heise newsticker has a few other pearls, like the fact that most firewalls can't tell the difference between a virus and a Windows NT service pack. Nor can I :-)

Whose bug is it anyway?

[Hoss]

When my company releases a new version of our software, it inevitably has some problems in it, due to (a)our customers demanding new features fast and (b)limited testing resources. We do take responsibility for all bugs that *we* introduce, naturally, and fix them ASAP.

However.

Sometimes M$ will release a new version of DirectX which causes our application to stop working (pretty much every release has done this). Whose bug is this? Is it M$'s bug? As much as I'd like to blame them, they *do* have the right to change the API. And generally, newer versions of DX have sucked less than the previous versions. Is it ours? Our code was 100% compliant with DX(n-1).

This is the kind of situation that bothers me the most, quite frankly. Our software runs right, but because the user has changed/has never upgraded/is experimenting with/has poured water on their computer, our software ceases to function. We work to fix these bugs, but I refuse to believe that some *fine* of some kind would help. Better customer communication is all it really takes...

Regulation is OK, but

[mbonet]

be prepared to pay the higer costs associated with quality.

Now before all of you start getting your underwear in a wad let me explain.

The reason I think we see all of this poorly written software is two-fold.
First although there are many developers out there few of them can grasp the complexity of the development PROCESS. This often leads to bad estimates, rushed schedules, and a chaotic process. All in all you end up with a "get it out the door" attitude, so we can keep our jobs, or in more dire situations keep our company.

Secondly for the developers that do understand the development process life becomes increasingly difficult. Those developers have to deal with explaining to managers, customers, ceo's why it's going to cost so much money to write that piece of software. This is difficult to explain and in my experience always a losing proposition. I'll use an analogy to illustrate. Anyone involved in the Construction of a High Rise building (15 or more floors) can tell you that it is a process which involves hundreds of people (bricklayers, steel workers, earth movers, pile personnel, contractors, structural and consulting engineers). The individual contractors are all guided by the General Contractor which normally answers to the Structural or Project Engineer. The structural or Project Engineer requires the services of other specialized engineers for geotechnical advice and quality assurance. During the whole construction process the set of blueprints the Structural Engineer put together are used to complete and verify the work. During each phase of work the consulting engineers come in and verify that each contractor is fulfilling the specification given in the blueprints.
Software design is very much like that if not almost identical, yet ask a developer about the lifecycle of the software process, the CMM, software size estimation, code reviews and you'll often get very misguided answers if you get any at all. All of the elements in the software process are engineering disciplines in and of themselves yet I meet Project Managers who have no training or knowledge in this area, even self taught.

So if you asked a bunch of people who don't know how to create the blueprints for a high rise, to calculate the loads on the foundation and determine the proper number of piles. To determine the strength (psi) of the concrete to utilize for the slabs. To determine what amount of reinforcement steel (re-bar sizes, tie off separation, and quantity) should be placed in the load bearing sections of the wall. To calculate the loads on the structural steel, the required torque at each joint in the frame, the type of bolt (ANSI XXX), washer and nut to use. You would see a lot more buildings falling down and those that did not would be so grossly overbuilt (Empire State) that only a handful would be able to afford them. This IMHO is the current state of the software industry.

This question of regulation goes hand in hand with professional regulation and when that happens the price of software will go up as it should. Also the cost of entry into the software field will be much steeper. When it happens I think we will all be much better off but the number of people entering the software field will be diminished significantly.

Agreed, government regulation = bad

[Thag]

I have a knee-jerk reaction against government regulation, I admit it, but I still see this being a lot more problematic than the article writer seems to think it would be.

Firstly, how are you going to get this legislation passed? That in and of itself seems like it would require big bucks for lobbying in all the various countries. Plus, all the laws would be different if it did get passed.

Secondly, how would you ensure that the government bureau policing software has a clue? Or that they don't develop a political agenda that they pursue above and beyond objective good science? Or that they don't just get bought off? The nasty thing about these kind of government bureaus is that after they're in place their decisions have the force of law, but they're not accountable to anyone. You can't vote them out, no matter how bad a job they do.

Lastly, it's only reactive: the shitty games still hit the market, and the bureau only penalizes the companies after the consumer has already gotten shafted. That's IF the company is still around and in the black.

Instead, and for a fraction of the cost, you could set up an Underwriter's Laboratory type of indie regulation agency, where they would test the stuff and if it met some criteria, give it the Sacred Fist of Judgement Seal of Decency. If it was a well-known and sought after seal, like the UL seal is for electrical appliances, it would have the desired effect: people would look for it when shopping. If enough people surfed the regulation agency's website, they might even make enough money off ads to defray some of the costs. They could also charge game companies to review their products for them, but that would only be feasible if they were already established as a standard.

This type of system works pretty well when Sony certifies games for the playstation. It's fairly rare to even find a significant bug. Of course, Sony has a complete lock on this sales channel, because you can't put a playstation logo on the game without their okay, which an indie agency would not have.

Anyway, these are my thoughts.

Jon

Bad regulatory comittee! Bad!

[Bad+Mojo]

One of my largest concerns about this article is that it seems poised to force Publishers into making a certain type of software. Simple, un-complicated, SAFE software. Things that are technically close to perfect yet lacking in content and features. If you wanted to publish a fantastic piece of software, you would have to pay incredible amounts of money in making sure your coders wrote the whole thing, and they can fix everything, and that everything IS fixed. Suddenly anything as spiffy as Quake III Arena or Adobe Photoshop 5 has it's price tripled. And once it's out, forget about customer feedback. They met their requirement, you purchased it, end of story. Right now software publishers and developers have some vested interest in making the customer happy. But if the regulatory comittee is happy, why bother making the customer happy, right? I mean, the regulatory comittee represents the customer doesn't it? I feel like a regulatory would drive a wedge between customer and company that doesn't need to be there.

I have several other problems, but MAN! I have to stew on it more.

An old idea, regurgitated again

[anticypher]

This idea has been around since the 1960's, and was a topic of hot debate in the late 70's until the mid-80's (for some reason the debate died down when microso~1 came to dominate :-)

This is another version of putting the IEEE in charge of licensing SW engineers, or forcing warantees on SW to be the same as for any other manufactured good, etc.

His idea of fining the publishers is not the best idea, since they will just force the developers to sign more legal BS and if they get fined pass it on to the developers or their insurers. I get hit with this occasionally, when a client requires professional liability insurance. I triple my rate to cover the costs, often $20000 to $50000 per year per project. Twice my clients didn't blink when I asked them to cover the full insurance costs.

I think if something like this ever happens, it will be like the Underwriters Laboratories seal of approval. The UL mark started as a voluntary thing in the electrical industry, because appliance makers often turned out badly designed products which electrocuted people, burned down houses, or just died after a weeks use. Soon retailers would only offer for sale UL marked appliances. But now UL approval is required by law before you can market or sell any electrical item in the US. The approval process ensured so much quality, that lawmakers were able to hold it up and point to it as a minimum standard.

So beware of this process. A few years ago I would have said it would be inevitable, but with the Free Software/Open Source movements, the point becomes a bit moot. Any software which remains closed or patented may soon find itself regulated by a 'voluntary' certification body.

I think he uses the word 'scary' a little too much in this OpEd piece. Its not that scary to anyone in the FS/OS world, in that you have to have some accountability at some point along the way. FS/OS people can move the accountability from place to place, if the original writer didn't do a good enough job, then the end user can take on the job to fix it, if it is truly important. Closed source products have to disclaim all accountability at all points, since the ability to fix a problem rests with whoever has access to the source.

Unforeseen MS-HTML in links

[Tom+Christiansen]

I tried to read the article linked to, but that's hard to do when the article isn't even in HTML, but rather was written using MS-HTML. This is that annoying thing that makes "?" show up all over your screen as illegal characters are encountered.

Perhaps in much the same way as /. warns about registration required when pointing at the New York Times, it might also be useful if you would include a warning when Microsoft is required for proper viewing of a page you link to.