Fog Creek Software
Discussion Board




Proposal for defect-free software

Certification is important.  Therefore a license is required before anyone can own or operate a computer, just as with automobiles.  Furthermore, insurance companies might insist on competency and sobriety tests before users install new packages. 

Computing is becoming cheaper.  Companies must make modular versions of all their software, and consumers may only use one machine for one purpose.  If financial software is running on a computer, neither email nor Morpheus may be installed.

Users who purchase software outright are responsible for either hiring code janitors or performing their own maintenance.  Source code must be provided for this purpose, though it might be more economical to rent software and have the company maintain it.  But in all cases a user is liable for any damage caused by misuse, neglect, or willful ignorance.

Please give me your thoughts on this.  I like how users believe that software can be more reliable than anything they have ever encountered in their lives, and it's gratifying.  Cheap condoms can be faulty, but not cheap software.  Before lawyers start arguing how computers are deadlier than guns, they should realize that means computer safety classes are in order.

jon s.
Tuesday, June 18, 2002

How will certification cause software to be defect free?

The same people who write defective software now would probably already qualify for the license, and keep writing defective software.

Matthew Lock
Wednesday, June 19, 2002

Tom DeMarco has a pretty interesting take on software certification and why it's a bad thing:

http://www.systemsguild.com/GuildSite/TDM/certification.html

Matthew Lock
Wednesday, June 19, 2002

Certification for the users, not just the programmers.  Like a driver's license.

jon s.
Wednesday, June 19, 2002

They tried to implement a "Computer Driving Licence" here in Australia a few years ago.

http://www.acs.org.au/icdl/

As far as I can tell it was a total flop.

Matthew Lock
Wednesday, June 19, 2002

What Drek.

There is absolutely no need for any kind of legally imposed "certification" for either producers or consumers of software systems (or anything else for that matter).  If the marketplace considers it valuable that software be produced by "certified professionals," then some private enterprise(s) will step up to fill the need.  They already do an excellent job of this in some sectors.  Why should anyone be forced to subsidize certification if he is perfectly content with software produced by "uncertified professionals?"

Keep_Your_Rules_To_Yourself
Wednesday, June 19, 2002

" There is absolutely no need for any kind of legally imposed "certification" for either producers or consumers of software systems (or anything else for that matter)."

Apparently, security holes and viruses accounted for many billions of lost revenue, as well as lost lives.  Operators of such dangerous machinery need at the minimum to take classes on the responsible use of those machines.

My position is that IF software companies should be open to lawsuits, THEN users need to become licensed.  Arguing otherwise is to argue against driver and gun licenses.

jon s.
Wednesday, June 19, 2002

I have absolutely no problem arguing against gun licenses, using roughly the same argument Tom DeMarco used in the link above against software licenses, which I also greatly despise.

As for driver's licenses, there's a demonstration of all that can go wrong with a licensing scheme.  Some people still drive drunk.  Some still drive irresponsibly.  Some still fall asleep at the wheel.  Cars still break down.  Accidents still happen.  The US alone has to employ hundreds of thousands of traffic cops, DMV workers, administrators, and an entire department of its executive branch.

Finally, consider the ultimate purpose of software and of computers: they are there to automate work which a human would have to do otherwise.  Computers are supposed to be a multiplier effect on productivity.  Licensing and the associated necessary overhead would turn it into a divider effect.

Paul Brinkley
Wednesday, June 19, 2002

> As for driver's licenses, there's a demonstration of all that
> can go wrong with a licensing scheme.

And yet, we don't know how much worse it would be w/o enforced drivers licenses. Just because a solution has problems doesn't mean removing the solution is the answer.

Matt Christensen
Wednesday, June 19, 2002

jon s. has a great point. When a driver runs over someone, we don't blame the car maker; we blame the driver. Why don't we apply this principle to the spreading of viruses or disclosure of private data?

Big banks, for example, have a duty of care to safeguard our private data. If that data is disclosed to the world because a bank sys admin failed to install a patch or configure the server properly, why shouldn't the bank be held accountable?

Hugh Wells
Wednesday, June 19, 2002

Certification has a place in situations where it can not reasonably be expected that the contractor can judge the competence of the contractee. E.g. If you visit a doctor, as a patient you can not be expected to judge the skills of the doctor, hence the certification requirement.
As an employer, you should be able to judge the competence of an employee. You might want to outsource this by requesting a certificate for non-core competences by requiring a certificate, but when it comes to core competences (e.g. a software company hiring a programmer) I personally believe you are better off not relying on external entities for competence judgements.

Just me (Sir to you)
Wednesday, June 19, 2002

Justme... his proposal is to certify the user.  How that will create defect-free software is beyond me. 

Joe AA.
Wednesday, June 19, 2002

Because the uninformed user must be identified as a main source of problems that lead to the huge losses blamed on software.  If we can't point this out, then we can't fix the software.

Read any book for security experts or sysadmins.  The user has the keys of security in hand.  And for novice users, security trades off with usability.

People are beginning to advocate using lawsuits and regulations against software houses, because of humanity's increasing dependence on them.  If this is the case, the computer is simply becoming too powerful to use without education.

jon s.
Wednesday, June 19, 2002

Would any such user certificate ok a user to operate uncertified software developed by uncertified developers ;-)

Just me (Sir to you)
Wednesday, June 19, 2002

"Operators of such dangerous machinery need at the minimum to take classes on the responsible use of those machines.... Arguing otherwise is to argue against driver and gun licenses."

I do argue against gun and driver license requirements.  Certainly, if I own a road or a shooting range, then I should be free to grant or deny access to them based on whatever criteria I choose, but I should have no say over how access to the road/shooting range owned by the fellow down the street is determined.  You don't currently need a driver license to drive around your own property, but they are part of the contractual obligations you incur if you wish to make use of publicly owned roads.

Similarly, if you own a computer system or network, you are free to grant access to only select individuals based on whether they possess a "certification" from some organization that you trust is capable of accurately determining the user's ability to operate safely in your environment. 

What I object to, though, is you requiring me to follow the same standards.  If I want to grant access to *my* computer system to uncertified individuals, perhaps to increase my customer base, that is my business.  If I choose to grant access only to users certified by a different organization than the one you trust, that is also my business.

"Certification has a place in situations where it can not reasonably be expected that the contractor can judge the competence of the contractee. E.g. If you visit a doctor, as a patient you can not be expected to judge the skills of the doctor, hence the certification requirement."

I would not argue against the value of certification, only against it being a *requirement.*  If I am comfortable making use of competing services offered by uncertified individuals (perhaps at a discount), why not allow me that choice?  This does not prevent you from seeking out certified providers if that is what you are comfortable with, while still preserving my freedom to choose differently from you. 

The other big issue with many of the certification proposals is that most seek to make a single organization, either directly or indirectly through a set of approved delegates, the only source of certification.  This introduces all of the problems typical of a monopoly situation and provides essentially zero benefit.  Why is this ever a good thing?

Keep_Your_Rules_To_Yourself
Wednesday, June 19, 2002

Jon S... The user is to blame for problems with software?  I don't think so... it really sounds like denial to me.  Are you saying that if the user finds a terrible bug "I" put into the software then it is his fault? 

No wonder we can't improve quality, not with an easy out like that one.  Most licensing agreements guarantee that nothing is going to work anyway.  No reason for us as individual programmers to feel at fault, no reason for us to stand up to all of "they"... you know, the "they" that want to ship before it's time, or install before it's time, or just plain want to do something totally stupid because "they" is management.

Nope, not my fault.  Go along to get along is my job.  And I want my own private office to do it in... and a guaranteed 40 hour week... and a six figure salary.  Oh, and free coffee, snacks would be good.  Would a free lunch be too much?

It is an interesting concept... lawsuits determining the power of computers. 

Joe AA.
Wednesday, June 19, 2002

Users are definitely to blame. Users in no way demand defect-free software. It would be irresponsible for most software developers to develop defect free software since it is not an important attribute in most software purchasing decisions.

pb
Wednesday, June 19, 2002

I don't understand this obsession with defect-free software.  No area of human endeavor is defect-free.  Do you expect the work of your co-workers to be defect free? 

Of course you don't.  So why do you expect it from software?

Imagine a system in which a human drives a train through tunnels under a city, to transport people from place to place.  (We might call it a "subway.")  Software may advance to the point that we could contemplate eliminating human drivers and routing the cars "automatically," according to a computer program, throughout the city.

The computer system is huge -- a bloated monstrosity of code.  It's buggy.  There are problems that everyone who works on the system knows about.  But for the most part, it works.  It gets people from place to place, without accidents.

Until one day when there's a terrible collision.  Lots of people killed.

Somebody writes an article and uses the sad story as an example of the sorry state of computer programming.

But, folks, remember that when HUMANS drive subways, they have collisions.  They may even have MORE collisions than when a computer drives them.  The "programs" in the minds of the human beings are deeply flawed.  Some of the drivers don't understand some of the basic security features of the trains, because they missed that day of training and had a friend sign in for them; some of them are just forgetful; or tired from partying late last night; some are suicidal and want to crash their train.

The question is what has better results -- computer driving or human driving.  In both cases, it's actually a person doing the driving (when a program intervenes, the person is just more remote); and in both cases it's a program doing the driving (just a question of whether the machine is made of silicon or flesh).

programmer
Wednesday, June 19, 2002

So, it's okay for badly written software to kill people, because sometimes humans doing the same job would kill people?

Perhaps defect-free software is an impossibility, just as very occasionally bridges fall down or trains crash. This doesn't mean that these situations are acceptable -- people should find out what allowed it to happen, and never let it happen again.

I was in Heathrow Airport waiting for a 'plane on the day that South East England's traffic control computers stopped working, and I certainly did not rationalise the massive delay to myself by thinking, "Oh, it's understandable, the same thing would happen if someone spilled their coffee on the master traffic-control diagram".

In conclusion: I certainly don't _expect_ software to be defect-free, but I don't accept an analogy with human behaviour as an excuse for defects.

Adrian

Adrian Gilby
Wednesday, June 19, 2002

It does not in any way absolve companies from making defective software.  In fact, companies will have an increased responsibility to make better software.

Any good engineer will tell you that you need to design for a range of user actions.  If users act outside this range, on general-purpose computers, then how can one engineer?  The auto industry deliberately limits the power of cars, and strap people in with belts.  But users want their computers to be as interesting as possible.  And yet safe on the net.

If they give us the engineering goal of safe computers, then we must take the user into account.  And again, this is my position only if we accept greater lawsuits for "billions of dollars" in damages.  This world of lawsuits would be all about blame anyway, an innovation hell.

jon s.
Wednesday, June 19, 2002

I agree that it's not acceptable for software to kill people, any more than it is acceptable for bad civil engineering or any other human negligence to kill people.

But I think the point I made (a few postings up this thread) is a sound one.  Too often, people seem to believe that when an important process is "controlled" by code, that it should be perfect.  "Of course I can accept screw-ups when a person is at the helm, but machines shouldn't make mistakes," these people seem to think.

The fact is:  A human is ALWAYS at the helm, with all the negligence, fallibility, stupidity and dumb mistakes that implies.  The fact that there's a computer program doesn't diminish the element of human error in the slightest -- it just shuffles it elsewhere. 

programmer
Wednesday, June 19, 2002

jon,

You're right that imposing licensing and certification requirements on users is the way to go.

Acquaintances always want me to find out what's wrong with their Windows computers. It's always the same thing -- the hard drive is full of shareware, freeware, trojan crackware, and viral ecard cartoon animation programs mindlessly downloaded from attachments that came in email from people they don't know. The result: complete chaos caused by all this free software. Never do I find problems caused by software they paid for from real companies. But they all blame Microsoft. I just nuke and pave (reformat and reinstall Windows) and they become amazed that I made their computer 5 times faster.

People need to be trained in how to manage their software before being allowed to get their hands on some poor innocent computer.

Ed
Thursday, June 20, 2002

Yanno, I've been thinking this licensing thing over, and I think I have had a change of heart.  I see now that users are indeed a dangerous lot and must be controlled for the benefit of the greater good.  Rogue programmers too, who nefariously release buggy software in an effort to improve their bottom line and time to market.  If their customers won't punish these beasts by withholding their hard earned cash, then we definitely should.

In fact, my eyes are now open to a whole host of places where we could apply this kind of solution.  For instance, it horrifies me just how often people write down information that is inaccurate, poorly conceived, and sometimes even downright false. 

To make matters worse, even when well meaning people like the folks that post their thoughts to this message system take the time to write down good, high quality information, other people read it and misuse it in one way or another.  Billions of dollars are sometimes lost due to these phenomena.  Check out the f*cked company web site and see the price we pay just for allowing people to post stock tips on the internet!

Obviously, this calls for strict licensing of both producers and consumers of printed information.  No one should be able to put pen to paper or to tap on a keyboard unless they've been rigorously tested and certified as consistently producing correct and complete written information.  We also need to immediately begin the process of rounding up all those rascal-readers <tm> out there too, so we can make sure they are capable of properly consuming all the information we *do* allow to make it to the printed page.  I'm personally in favor of not allowing a person to even see a book until they are at least twenty-one years old.  Much too irresponsible before that age, you see.

That should get us started on our way, though I still need to think about what to do about all the people out there talking and listening to each other.  I can't prove it, but I think this might be an even bigger problem than the reader/writer crisis.  After all, many of those previously mentioned stock tips were passed by word-of-mouth around the water cooler at work....

Keep_Your_Rules_To_Yourself
Thursday, June 20, 2002

Why can't people install all those silly little programs like "comet cursor" if they want to on their home computer?

The reason cars and guns are licensed is because they are clearly life endangering in the wrong hands.

I have a hard time believing that my mother in law's home computer with Gator slowing it down is as dangerous as a gun or car.

Matthew Lock
Thursday, June 20, 2002

Heh heh.  Keep_Your_Rules_To_Yourself is now officially my friend.

Paul Brinkley
Thursday, June 20, 2002

Licensing may not be the answer, but a healthy dose of *real* education might be.

You know, prior to getting a driver's license, the things that are stupid to do when driving a car (or at least the major ones)...Driving a car off a bridge is generally considered to be a bad idea...Driving a car with your toes while leaning out the window catching butterflies in a bag is also generally considered to be a bad idea.

But people do things like this with computers all the time (well, not literally, but equally silly or stupid) largely because they don't get it. They just don't understand. Are they too stupid to understand? Not necessarily. Sometimes it's hard for us, who are so mired in the IT world, who read things every day about what happens when you do x y or z, or who were brought up with computers (like I was) to understand how they can NOT understand.

Computers are different than anything they've seen before - there's no analogy. It's not like a TV - even though you can watch something on it (smut you watch on TV can't hurt your TV - it's temporary - but if you watch it on the computer, sometimes it's not quite so temporary!) it's not like a calculator even though you can do calculations with it.

Lots of people have written books about the technical aspects of computers, but that assumes that the person starting out has any desire to read them.

What would I suggest as the venue for the education? Dunno - maybe have computer manufacturers write a list of the "golden rules" of internet surfing (since that's what most people buy computers for anymore anyhow) and pack it into the box on top of the monitor or have it built into the OS's so if you start to do something stupid you have to choose whether you really want to do that something stupid prior to doing it....

I'm not sure - I've had acquaintances at work who are supposedly tech savvy smart people spread viruses by opening email attachments from people they don't know, that clearly look suspicious to me.

But I do believe that the responsibility should lie with the people doing the stupid things. I can't expect the software manufacturers to keep me completely safe any more than I can expect the car manufacturer to keep me from driving off the bridge (if I want to).

Bevin Valentine
Thursday, June 20, 2002

Users demanding defect-free software will not make it so.  The programmer must do so.  If you really believe it would be irresponsible for a programmer to improve his quality without this demand, then I clearly know the quality of your work.

By the way, do you have someone's permission to express your thoughts?  Who demanded it?  I want to be able to revoke his/her "certification".

Joe AA.
Thursday, June 20, 2002
