:fa_gamepad: :fa_car: :fa_bug: Remote control cars: Nissan Leaf edition
-
In that respect, I agree with you, at least partially. Medical, aviation and transportation are heavily regulated. But I think, as with Engineers, Programmers should have to pass SOME sort of licensing exam, and they should have to re-certify every 5 or so years.
That's going to raise some important questions.
- Who gets to be in charge of the certification criteria?
- How much time/money does a single certification cost?
- How granular are the certifications - are engineers certified as generic Software Engineers, or are they certified by industry? Stack? Programming language? A single framework for a single programming language?
- If I have a C# certification, do I also need a SQL Server certification to do any database work? Am I only going to be able to apply for C# jobs?
- If I want to start a business, am I only allowed to use languages and platforms in which I'm certified?
- How much freedom do certified developers have? Will they be forced into implementing, say, Java Patterns Madness and
IAbstractFactoryManagerFactory?
Some copy+pasta script kiddy may not get someone killed from a poorly thought out and executed medical device software problem, but they could end up costing whoever hired them their life savings because they foolishly setup a small business' payment processing insecurely, and get the owner sued out of business.
This is why we have limited liability companies.
-
Life critical stuff (cars, hospital software) should definitely have to follow strict regulations and be inspected by a third party
What sort of regulations?
Consumer devices, particularly those that connect to the internet, should have to meet some basic standards, including: can't sell stuff with known security flaws (defined as devices that let 3rd parties to see or control anything about the device without your explicit permission)
If someone breaks into a house, turns on the TV and changes the channel, would this be a violation? Seems pretty elastic.
any found flaws have to be patched within X days (and probably have the company pay a monetary fine for each one)
What about zero-days?
What if the company is using version 2.8 of Framework Q, and the only fixes available are for version 3.0, which has breaking changes and requires reviewing and updating a million lines of code? The only way that risk can really be balanced is by jacking up prices.
online services guaranteed to work for X years
Also going to jack up prices.
no arbitrarily removing existing features
So the IP owners no longer have full control over their products? This is starting to sound more like a rant than a policy proposal. Being forced to maintain all those features is going to translate into... higher prices.
refunds for all customers if you break any of those promises
Higher prices!
Basically if I buy something, I should have the right to it not be broken (like I already have with most other kinds of products).
I'm not sure you even have that right with purchases of traditional products. Shit breaks, life sucks, etc.
Other software? That's harder to say, mostly because aside from some obvious mistakes, it's so hard to define what constitutes good code or good programmers.
And that only illustrates why throwing regulations at the problem without careful consideration is dangerous.
The important thing to keep in mind here is that 3rd party certifications are already possible. So if a "programmer license" was possible and useful, you'd expect most companies today to ask for them already. Are they? Well, AFAIK, not really.
The fact that the industry is about half a century old and, after having experienced several periods of rapid, revolutionary change, still doesn't have such a requirement should indicate that it's not an urgent problem.
The market has spoken - software has to be cheap as possible. Security is expensive, and hardly anyone wants to pay for it. There's not going to be any change on that front until something REALLY bad happens and the market accepts paying 2-10 times as much for a given piece of software.
-
@anonymous234 said:
no arbitrarily removing existing features
So the IP owners no longer have full control over their products?
Arbitrary removal of features is bait-and-switch. This is a form of fraud that is (or should be) subject to criminal prosecution in some jurisdictions. How about, no removal of existing features without plenty of notice and equitable compensation?
-
Higher prices!
You know what would really lower prices? Instead of having to make actual devices, companies could just put a brick inside the box they sell you.
The market has spoken - software has to be cheap as possible. Security is expensive, and hardly anyone wants to pay for it. There's not going to be any change on that front until something REALLY bad happens and the market accepts paying 2-10 times as much for a given piece of software.
Yet we still force buildings, cars, and airplanes to be secure, even though if you removed all the restrictions, many people would probably want to fly a super cheap plane. Something is inconsistent here.
-
Arbitrary removal of features is bait-and-switch. This is a form of fraud that is (or should be) subject to criminal prosecution in some jurisdictions. How about, no removal of existing features without plenty of notice and equitable compensation?
I suppose that's fair, but I would worry that it prevents the developer from fixing misfeatures. Suppose there's a feature which effectively does
rm rf /on your product's local storage. Quite a few of your customers have gotten burned by accidentally using it, so you insert a couple confirmation steps. This greatly reduces their pain, but it also breaks automation scripts in the process. Overall, it's now a better product, but would you be liable for removing/altering the "feature" of easy-storage-wiping that a few users had come to rely on?Another example: you have a game in beta testing and there's a character skill called Mega Nuke which one-hit-kills everything within a 100-meter radius. After balance testing, you decide to cut the damage greatly and apply a debuff instead. The skill is now a lot more fair, but a bunch of 13-year-old griefers are upset that they can't grief using the skill anymore. Can they sue you over that?
-
You know what would really lower prices? Instead of having to make actual devices, companies could just put a brick inside the box they sell you.
This would be an effective way of lowering prices, but it doesn't make little Bobby any happier that now that he has to spend $200 of his allowance money to buy Call of Dudebros: Black Cops 15 instead of $60.
Yet we still force buildings, cars, and airplanes to be secure, even though if you removed all the restrictions, many people would probably want to fly a super cheap plane. Something is inconsistent here.
The inconsistency here is that software failures are usually little more than an annoyance, while system failures in those particular systems can reasonably lead to significant amounts of death and destruction.
-
-
The inconsistency here is that software failures are usually little more than an annoyance, while system failures in those particular systems can reasonably lead to significant amounts of death and destruction.
You've also got the problem that you've got systems that are perfectly fine in themselves, but become very much not fine when integrated in particular ways and used with certain business practices. Where does the liability then lie? With the integrator, of course. Which is where it is now. Some code that I have written has been used in railway signalling software. While I wrote the code to be as good as possible, I most certainly do not certify that it is suitable for that usage and don't carry insurance of that sort of level. Who has the liability? The creators of the railway signalling software, not my library.
Most libraries and components are not certified by their publishers for particular uses precisely because of this. It's only whole systems that can ever be suitable or not, and it is the system integrator who has to make the judgement call and carry the liability. It's also one of the reasons why the cost of an integrated solution is so frequently much more than the cost of the pieces in it; you're not just buying the parts, but the whole and the promise that the whole thing works for what you intend to use it for.
-
That's going to raise some important questions.
Who gets to be in charge of the certification criteria?
How much time/money does a single certification cost?
...[snip]...
How much freedom do certified developers have? Will they be forced into implementing, say, Java Patterns Madness and IAbstractFactoryManagerFactory?In summation, my answer to this is simple:
A.) I don't care who would be put in charge of it, because it would basically just be a sanity check, nor do I care if they charge for it, or if they test on a macro or micro scale
but, since you asked,
B.) I think the certification could simply be a basic level, DO YOU KNOW WHAT THE FUCK YOU ARE DOING type of test for programming principles in general. But shit, I dunno, run it the way they run licensing for Engineers for all I care. I could pass whatever test they put in front of me, I wouldn't care. The point is to keep the people who COULDN'T pass any such test, the fuck AWAY from ruining people's lives and businesses.This is why we have limited liability companies.
No, that is a symptom of one of the problems. And LLCs will not save your ass from losing your business. They MAY save you from being sued into oblivion, IF you were smart enough to organize into an LLC before you opened your business in the first place (which plenty of small shops don't do).
-
But to get the VIN you'd have to look at the car pretty close, which I don't think even John H. Nissan can do without projectile vomiting his guts everywhere.
You forget that hackers don't have to target a specific car.
Just like identity thieves don't have to target a specific identity.
-
You know what would really lower prices? Instead of having to make actual devices, companies could just put a brick inside the box they sell you.
...
Yet we still force buildings, cars, and airplanes to be secure, even though if you removed all the restrictions, many people would probably want to fly a super cheap plane. Something is inconsistent here.
Shhh... careful. Pointing out to people with that sort of ideology that yes, a higher-quality product is indeed more expensive than a lower-quality product, and that yes, that doesn't magically change when the quality improvement involves establishing a minimum quality floor for a class of products, and that that's not a bad thing, has been known to break their brain.
-
A.) I don't care who would be put in charge of it, because it would basically just be a sanity check, nor do I care if they charge for it, or if they test on a macro or micro scale
Even if it would affect your current or future employment?
B.) I think the certification could simply be a basic level, DO YOU KNOW WHAT THE FUCK YOU ARE DOING type of test for programming principles in general.
We have that already in the imperfect form of job interviews, degrees and experience. Some people are good testers/interviewees and skate past the gatekeepers. A CS degree does not necessarily guarantee a good programmer. Not all experience is equal. Other than chasing asymptotes, what does more layers of testing accomplish?
I could pass whatever test they put in front of me, I wouldn't care.
Are you sure about that? I had some professors in college who could very easily write exams where the class average would be around 30%.
The point is to keep the people who COULDN'T pass any such test, the fuck AWAY from ruining people's lives and businesses.
Some businesses willingly hire from the bottom of the barrel and pass on the
costssavings to their customers.No, that is a symptom of one of the problems. And LLCs will not save your ass from losing your business. They MAY save you from being sued into oblivion, IF you were smart enough to organize into an LLC before you opened your business in the first place (which plenty of small shops don't do).
Get sued, close doors, start new business, learn from mistakes. Many entrepreneurs are serial*.
*but not all of them are in the grains business.
-
Shhh... careful. Pointing out to people with that sort of ideology that yes, a higher-quality product is indeed more expensive than a lower-quality product, and that yes, that doesn't magically change when the quality improvement involves establishing a minimum quality floor for a class of products, and that that's not a bad thing, has been known to break their brain.
If you want to partake in yet another flamewar about price floors, the minimum wage thread is over
there.I'm not so much concerned about price points as I am the direction and soul of the industry. Minimum quality regulations on software that touches PII/PHI, or on life-or-death systems like air traffic control, nuclear power plants, industrial process control, etc. are one thing. Applying those same regulations across the board to all software, especially when failure would mean little more than annoyance or inconvenience, is another.
We live in an age right now where one or two guys can still build software by themselves, with little to no outside investment required, and almost no barriers to entry. I don't know about you, but I think that's pretty cool. It might be one of a handful of industries left where the little guy still has a fighting chance and doesn't need massive amounts of capital to get started.
-
Well, I mean, listen ...
-
To give Nissan the benefit of doubt, they were not into IT until the development of smart cars
That just means they don't have the technical debt of legacy technology stacks and don't have neckbeard IT employees that are rusted into old practices. If anything; starting into IT fresh in the day and age of "everything can and will be compromised" should be giving them a head start.
-
They're a Japanese company. If you've ever used a Japanese product (other than a video game, oddly), you'd know that they aren't exactly the kings of software development.
There's a reason iPhones are hugely popular in Japan.
-
Good point, sadly.
-
Actually, it is 50-50, split between Microsoft and Apple. Linux only has a small share of users who are enthusiasts. There are tons of corporates here in Japan that loves Microsoft to a point of being obsessive.
