The software engineering industry learned nothing.
If you hire a couple people and give them a tiny budget and an impossible deadline, you probably should not look elsewhere when the project flames out. It’s a good lesson for political operators and an object lesson in project management and funding.
Engineers could have foretold this result without even blinking. So, the software engineering industry qua software engineers knows what they are doing, they didn’t need to learn anything, this article is a zero entropy source. Experienced executives often know the score here too, btw - they tend to have a good feel for what makes a satisfactory tradeoff in their industry of bugs/features/delivery/risk (higher than engineers would like, but it’s still there).
there is a large literature on software management, quality, planning, etc.
and basically if you hire 4 people (3 super junior) and underpay them, with an accelerated budget, you should not expect to succeed.
this is known.
we the industry are not bad at this.
we are not paid to do it right, and most of us really care about paying the rent.
ed: we are bad at other things. but this is just boring old project management failure.
The maker of the Iowa Caucus app was given $60,000 and 2 months. They had four engineers. $60k doesn’t cover salary and benefits for four engineers for two months, especially on top of any business expenses. Money cannot be traded for time. There is little or no outside help.
This is the important bit. “Cheap, fast, good: pick two.” If the caucus wanted a better app, they’d have needed to invest a lot more time and money.
I don’t think so: Even if you assume 10% bench time, that’s still a mean $81k salary which is above market rates (avg. software engineer salary in Des Moines is $75k). That still leaves revenue for a $80k salesperson with a $80k OTE and the company makes money.
It is more than possible two months time isn’t enough to build a $360k mobile app for some people, but I certainly could’ve done it, and I probably would have for $360k.
My guess: Either the persons who made the RFP didn’t anticipate their real requirements (uptime/availability, accuracy, etc), or The Maker really doesn’t know how to make software. Without looking at the RFP I wouldn’t venture to say, and my own experience doing government projects could have me believe either equally.
$60k for 2 months work is $30k/pcm. If I do 6 projects of that size a year that’s $360k/pa revenue. If I discount that by 10% (for running my business; my salesperson, overage, etc), that’s still $324k/pa I could budget for four people, or an average salary of $81k.
I could certainly do this project in two months, and then do six more just like it in a year. That means if I went and did the RFP myself I could make $360k/pa doing projects like this.
I’ve also done events though, so I know that even if the RFP says there’s going to be wifi available, it’s going to be shit. Someone who hasn’t might trust the RFP and the project will fail: Whose fault is that? It seems a bit unfair to blame the developer who writes to a spec where the spec is just ambitious/wrong, but it also seems a bit unfair to blame the RFP writer since they might have never done event software before either. I suppose I could blame the DNC for hiring idiots in the first place, but that’s a bit higher up the food chain than what we’re talking about: We have no idea what they’re paying their PM…
None of the engineers at Shadow was based in Des Moines. They seem to have been based in Seattle, Denver, and NYC. $81k is not above market rates in those cities.
I’m reasonably sure a mobile-friendly, javascript-free website version of this could have been delivered by two people in a week (rather than four failing to deliver it in a month).
It’s hard to overstate just how much more difficult distributed systems are to build and debug.
My initial knee-jerk response: just look at the source control history for any public projects they’ve done¹. But then I remembered the most popular source control system today allows you to rewrite history (change committers, dates, etc). Alas, you bring up a much more difficult problem.
¹ Any software remotely related to voting and elections should make its source code available publicly for review/inspection. There is no other alternative to this. QED.
We do know how to write software that works a lot better than this example, it just takes more than $60k and 2 months. You get what you pay (and plan) for.
60k is entirely reasonable for two months of work outside of Silicon Valley, if we’re assuming Shadow isn’t based in one of the tech hubs.
Extrapolate that out to a year long project and it’s 360k, which is enough to pay four developers around 80k for the year with 40k left over for business expenses like office space, admin, etc. 80k is what senior developers make where I’m from and I can tell you that’s a perfectly middle class salary.
The two month timeline was very tight, sure, and these developers clearly did not have a process in place for robustly testing this app and deploying it, but I believe it serves the author’s point that they failed horribly.
It also serves the point that developers are saying 60k isn’t enough given the timeframe, but imo that shows how little math they’re actually doing before clutching their pearls and trying to distance themselves from a clear example of failure in their craft.
Two months just isn’t enough time for 4 regular developers to develop 3 applications (2 clients and a backend) to anything even approaching production-ready status in the kind of hostile environment of politics + online. Unless they’re customising an existing system, they’re extremely talented, the project is properly specced out, and the clients are communicative, responsive, and helpful, it’s a pipe dream. Even then I wouldn’t put money on it. And there’s no way working with ${politicalParty} would be any of those things.
The two clients and a backend could’ve been a single webapp with a backend. If they wanted to save more time they could’ve made the web app static and handled most of the logic in the backend. There are few, if any, native APIs on any platform that would’ve helped in a situation like this that can’t be accessed from the browser and pointing users to a website would’ve been way easier to build, deploy, and ship than a cross platform phone app.
The software industry is somewhat unique in its extremely low barriers to entry.
Producing high quality software is still relatively cheap, but it is also still a lot more expensive than many people/companies are willing to pay for. Partially because in the vast majority of cases the cost of accepting some defects is a lot lower than the cost of producing a flawless software to begin with (ignoring safety-critical use cases).
A company just says “Oops sorry we have now fixed that bug!” and moves on. When the “solution” is that easy, there’s not that much appetite for preventing the problem in the first place.
The low barrier to entry means people are constantly demanding low quality software to be produced. You don’t see “I have a $1,000 budget and want an airplane built similar to the F-35” requests. But in the software industry every day there are hundreds of projects similar to that being attempted. The outcome should not surprise anybody.
Software quality is something everybody wants but nobody wants to pay for.
If any online service provided by the top 10 public companies by market capitalization were completely offline for two hours, it would be forgotten within a week.
um, really? I feel like people would notice for instance:
AWS
GCP
Visa
going down for 2 hours, and I’m sure Alibaba would be noticed as well, although I’m less sure of what they do (but don’t they run payment infrastructure? I think people would notice that)
Good software engineering exists; it’s just used to make sure cruise missiles hit their target. Why there is so much shitty software engineering is incredibly easy to answer; it’s because the industry is filled with libertarians who believe if the industry were regulated it would “curb innovation” and do no good except cut into their precious profits. That mentality is why the firm the DNC paid got away with making a cheap voting application without any public security oversight.
I’m slowly coming around to the need for software engineer licensing. If the Iowa Democratic party had hired an unlicensed engineer to design some bleachers for a campaign rally, and those bleachers collapsed, the designer and the people who hired him would be liable for the resulting injuries. You can’t just hire some bozo off the street to design a structure and expect a court to accept that. Except in software, it is perfectly normal to hire some bozo off the street and hope for the best.
In your system, would I need an engineering license to:
Use redstone circuitry in Minecraft?
Build a personal database to keep track of recipes I like to cook?
Build my own personal website?
Build a website for my own business?
Write an Excel spreadsheet with some macros in it, to use at my business?
Write a script that automatically checks me in for my flight at 24 hours before departure so I get a good boarding group?
Fix a relative’s computer?
Set up and configure a Pi-hole?
Set up and configure a home media server?
etc., all of which are or could be construed to be some form of software and/or IT engineering, and likely would be so construed by some troublesome/nosy person if a licensing scheme were imposed.
Meanwhile:
Except in software, it is perfectly normal to hire some bozo off the street and hope for the best.
I have been agitating for many years for better interviewing and hiring practices in our industry, and I am always rebutted by people who insist that their companies, and seemingly all companies, use rigorous high-quality interview processes which require demonstrations of relevant knowledge and skills and ensure that they “only hire the best”.
Meanwhile, even if we could implement a theoretically ideal licensing scheme, it would mostly be about adherence to principles and practices which have been shown to produce reliable, functional software. But there are no such principles or practices. Everything from choice of tools to choice of design to choice of project styles is, at best, anecdotal and/or subjective. So a license to practice “software engineering” would be meaningless, since it would be an endorsement that someone is competent to perform a task for which we have no reliable measure of competence or performance.
It’s not a straw man. You’re proposing licensing of software engineers working on ‘critical infrastructure’.
Care to define that?
You could lump everything from work on home Raspberry Pi servers (which may become compromised, and form part of DDOS botnets targeting core infra) to Excel spreadsheets driving core LOB apps. One I helped migrate to .NET, back in 2010 or so, was responsible for detecting fuel leaks in underground fuel systems. Should I have been licensed to work on that, as well as my home Pi server? If one, why not the other? The scope for carnage is similar, at least in the aggregate.
Would your proposal require that contributors to key open source software like GPSD be licensed, too? If so, who do you propose administers that?
It really can help. Of course licensing doesn’t completely eliminate failure, but I don’t think anyone can contest it’s a step forward wherever it’s instituted.
There are numerous examples of licensing regimes being abused to shut down competition or even by governments themselves. Consider this infamous case; the guy in that case was advocating for changes to red-light timing and camera enforcement, and the state of Oregon tried to hit him with penalties for practicing engineering without a license (and, amusingly, he actually was an engineer, just not one specifically licensed by Oregon).
And any sort of requirement of licensing for “software engineering” would pretty much inevitably either A) have to be so broad you’d need professional licensing to make a personal website, or B) if it avoids that problem, so narrowly-construed that it wouldn’t do what you actually want it to do.
Do you have a link which isn’t paywalled? I cannot read what you posted unless I decide I want to help pay for Jeff Bezos’ personal propaganda outlet.
Anyways, without being able to actually read the article, it really seems like a ridiculous strawman to say that because the local Oregonian government did something stupid there shouldn’t be any procedure with which to verify that the people who inspect bridges and traffic systems to make sure they don’t kill you and your loved ones actually know what they’re doing and are trustworthy. As I’ve already said above, I consider it not a perfect solution, but a step forward, with no licensure and subsequently no greater developed alternative to licensure present being a step back. This is just as true as your silly argument about licensure requirements for software engineering, when there are clearly many pre-existing standards of knowledge for areas such as security, reliability, and privacy in software development, but because requirements for licensure may not be perfect we should just give up and not even attempt making a step forward.
I cannot read what you posted unless I decide I want to help pay for Jeff Bezos’ personal propaganda outlet.
Since I do not know which news outlets, or even which search engines, you might find politically acceptable or unpalatable, I will simply give you a search query – the name “Mats Järlström” – and allow you to perform a search on your preferred platform, for results on sites you feel comfortable reading.
it really seems like a ridiculous strawman to say that because the local Oregonian government did something stupid there shouldn’t be any procedure with which to verify that the people who inspect bridges and traffic systems to make sure they don’t kill you and your loved ones actually know what they’re doing and are trustworthy.
Despite your repeated use of the word “strawman” to describe people in this thread, I note that what you’ve said here does not characterize what I said in the comment you were replying to. So while it may, charitably speaking, be a counterargument to something someone said somewhere, it does not engage with what I said, and as such I am unable to productively respond further.
Despite your repeated use of the word “strawman” to describe people
“People” is interesting wording to use here considering I’ve only reacted to your posts with this phrase. You directly argued against “licensing regimes” without proposing anything at all except getting upset that the government is doing things you don’t like, what do you think that looks like besides “we should not have a system to verify people who give final judgement on critical infrastructure are trustworthy”?
It will always be easy for lawmakers to join in combination with business cartels so long as the costs are diffuse, and borne by customers and future competitors. The cost is measured in lost opportunity, which doesn’t get a vote. The scale of those lost opportunities, however, is enormous — some 2.85 million jobs a year, according to this report.
Here in Victoria, the electrician licensing system was recently abused to shut down the “occupier’s license”, that allowed home owners to be certified to perform minor wiring changes in their own houses, after studying and taking an exam.
I was personally talking/thinking about engineering licensure, not twirling copper wires together in a good enough way that you don’t get electrocuted or burn a house down (for which obviously there should be licensure). In any case, an anecdote is an anecdote is an anecdote. And it’d be ridiculous to point at an anecdote like that and say “there shouldn’t be licensure to make sure the guy twirling your copper wires together is smart enough so that he doesn’t endanger himself, kill you, and destroy everything you own”.
You said: “I don’t think anyone can contest it’s a step forward wherever it’s instituted”.
I provided a) an example of someone contesting it, and b) an example from my own personal experience where a licensing system had been abused to shut down the licensure option for home-owners. That is, a licensing system had been abused as a form of protectionism favouring licensed electricians.
This comment reminds me of the fact that time drift introduced because Patriot missile systems run on 24-bit floating point meant that they let a Scud through during Gulf War I that killed 28 folks.
We have an industry on track to double the number of programmers in the next 5 years (a growth rate which has been pretty consistent for 50 years). Given that sustained rate of growth, it is a mathematical fact that 75% of programmers have been doing it fewer than 10 years.
The resultant training gap is huge - the vast majority of developers have near-zero exposure to the tools that would give them a fighting chance of doing a good job.
Even if teaching those tools were prioritized highly, there simply aren’t enough people familiar with them to do the teaching, and new entrants are not learning them.
Regulation would do many good things for the industry. Getting rid of shitty software is not even close to being one of them.
Yeah, it’s really sad how few standardized paths there are for mentorship. The development of junior programmers out of college (many of which barely know how to use Git) is completely at the mercy of the firms that hire them, which can in some lucky cases land a developer in the presence of someone truly interested in helping them develop and grow, but it’s absolutely not the common one.
I would like to point out that leaking memory where it doesn’t matter != bad engineering. Good engineering involves navigating the problem space and finding the solution through that space which reliably arrives at the correct destination. Good engineering requires funding befitting the complexity of that problem space, and military contracting is exceedingly well funded.
This was mostly tongue-in-cheek, I like the story but do actually think it’s a memorable example of pragmatic engineering. I think it does also highlight that there are cost/benefit trade-offs to be found even in places we think of as having strict requirements though.
And if you’re being brutally pragmatic: how many soldiers’ lives would be saved by getting it into production sooner, rather than later having fixed the drift?
Except that the “Libertarians” in this case were paid and managed by the DNC. Trying to assign culpability to people based on their political philosophy is shitty trolling at best, and in this case also incorrect.
Sorry, I thought there was a hierarchy there that didn’t exist. (Pathetic excuse: I’m not American). But my point still stands, that criticising “Libertarian” developers for an underfunded, rushed project funded by Democrats is wrong in several ways.
The claim wasn’t that the developers of the app were libertarians.
The claim was that developers, by and large, fight against any attempt to regulate software development, resulting in a situation where anyone can take on jobs well beyond their ability to deliver.
But I’d argue that it’s still wrong to characterise the resistance to regulation as Libertarian[1]; the vast majority of developers aren’t Libertarian, and neither are the majority of lobbyists or the politicians they’re lobbying.
I think the majority of developers simply (and wisely) don’t want their industry regulated more than it already is, and the majority of lobbyists are just crooked opportunistic bastards (ohai TurboTax).
Edited to add: [1] In the sense that most people calling for progressive taxation aren’t Marxists.
You’re really splitting hairs about names for different free market ideologies when the firm paid was very obviously a glorified voting Startup which wouldn’t exist were the industry better managed.
I was irritated by what I saw as an attempt to blame a problem that really boils down to shitty leadership[1] on a political philosophy. In particular, one to which I (largely) subscribe ;)
Can you clarify what you mean by ‘better managed’?
I mean, yes, I agree that an awful lot of startups exist solely because of a) malinvestment by VCs, b) bubbles, c) attempts to basically defraud investors by encouraging them to sink money into snake oil.
Who do you think should manage the software industry, and how?
[1] You can’t con an honest man; you can’t realistically expect to get two good mobile apps for the time and money the Democrats spent.
I understood why you were irritated, but you cannot deny the fact that libertarian ideology is categorically opposed to governmental intrusion into markets, and you cannot pretend that the prevailing ideologies that software developers follow (the most popular from my American perspective being varying forms of free-market liberalism, which ime is the prevailing ideology of the DNC and also the umbrella under which libertarianism falls) don’t have an impact on what laws are lobbied for and blessed by us to regulate the development of software and how people may be held liable for mismanagement.
And I don’t think anyone would argue that cases such as these are problems of mismanagement, I believe we’re both in agreement on this, just as @pnathan wrote above,
if you hire 4 people (3 super junior) and underpay them, with an accelerated budget, you should not expect to succeed.
this is known.
we the industry are not bad at this.
we are not paid to do it right, and most of us really care about paying the rent.
I believe the far more valuable question to ask is not only why this happens (your answers being bad investment, bubbles, fraud), but why it’s been completely unmitigated. The prevailing solution over the last several decades has already been the liberal answer, which is to allow the markets to self-regulate themselves so that these issues may self-resolve, albeit at the cost of people’s livelihoods being thrown into precarity and the public building distrust and contempt for the software industry as a whole. In my honest opinion I think that this “solution” sucks.
In terms of what I would desire but we’re maybe at least a decade out from being a realistic political possibility? I believe that for the software the public uses at large, there should be legislature allocating funding for international organizations of software engineers to work on blessed open source projects, and legally obligating computing platforms to provide support to run that software, such as by relaxing DRM or providing the necessary code for their platform or device’s firmware to that organization. For software already provided by private firms to run for the public (including consumer operating systems, search engines, social networks, and of course, caucus voting applications), an international licensing system should be introduced by an organized body of software engineers to push for blessing by state legislation, with a protocol not too different from pre-existing engineering licensure, such that the licensed engineers of a project performing code reviews and such must approve released and provisioned versions of their projects, taking on liability for those projects saying that they do not violate security, privacy, and reliability standards blessed by the body which builds the protocol for licensure, and effected into law by local legislation. This body would also ideally provide mentorship programs such that junior engineers may be encouraged into more responsible practices and better understanding of their toolkit.
Honestly, there’s an unlimited number of possible schemes and the above may be flawed in little ways here and there, and may require a long term of lobbying and organizing to achieve (notwithstanding sabotage by corporations who may not find such a plan not to be in their interest), but I’d honestly be happy with literally any sort of step forward in building a framework of rules and liabilities for software development that meets a decent enough criteria.
it’s because the industry is filled with libertarians who believe if the industry were regulated it would “curb innovation” and do no good except cut into their precious profits.
This seems, well, wrong. Do you have any more information to support this claim?
Speak for yourself. Maybe if the IT industry would hire people outside of their comfort zone, they would stop rebuilding the same shitty house over and over.
There are people out there that can program differently and effectively, but HR and managers won’t hire them because they don’t know the jargon.
yes and no?
Did you read that number right? It’s 60k not 600k.
Do you have a link for that?
I searched their jobs page and saw offers for “remote” which is usually a sign they pay midwest rates.
I haven’t seen any news articles saying where the developers actually were.
I was going by the developers associated with them on Linkedin.
It’s only part of the problem, but:
… or, you could write a mobile-friendly web app, and then anyone could participate. It’d be cheaper, faster, easier, and more inclusive.
We should ask some people who’ve done it.
But wait! What if one of them were lying or incorrect? How would we know?
;)
I was actually attempting to make a distributed systems joke, specifically referencing:
https://en.wikipedia.org/wiki/Byzantine_fault
We do know how to write software that works a lot better than this example, it just takes more than $60k and 2 months. You get what you pay (and plan) for.
60k is entirely reasonable for two months of work outside of silicon valley, if we’re assuming Shadow isnt based in one of the tech hubs.
Extrapolate that out to a year long project and it’s 360k, which is enough to pay four developers around 80k for the year with 40k left over for business expenses like office space, admin, etc. 80k is what senior developers make where I’m from and I can tell you that’s a perfectly middle class salary.
The two month timeline was very tight, sure, and these developers clearly did not have a process in place for robustly testing this app and deploying it, but I believe it serves the author’s point that they failed horribly.
It also serves the point that developers are saying 60k isn’t enough given the timeframe, but imo that shows how little math they’re actually doing before clutching their pearls and trying to distance themselves from a clear example of failure in their craft.
Two months just isn’t enough time for 4 regular developers to develop 3 applications (2 clients and a backend) to anything even approaching production-ready status in the kind of hostile environment of politics + online. Unless they’re customising an existing system, they’re extremely talented, the project is properly specced out, and the clients are communicative, responsive, and helpful, it’s a pipe dream. Even then I wouldn’t put money on it. And there’s no way working with
${politicalParty}
would be any of those things.The two clients and a backend could’ve been a single webapp with a backend. If they wanted to save more time they could’ve made the web app static and handled most of the logic in the backend. There are few, if any, native APIs on any platform that would’ve helped in a situation like this that can’t be accessed from the browser and pointing users to a website would’ve been way easier to build, deploy, and ship than a cross platform phone app.
The software industry is somewhat unique in its extremely low barriers to entry.
Producing high quality software is still relatively cheap, but it is also still a lot more expensive than many people/companies are willing to pay for. Partially because in the vast majority of cases the cost of accepting some defects is a lot lower than the cost of producing a flawless software to begin with (ignoring safety-critical use cases).
A company just says “Oops sorry we have now fixed that bug!” and moves on. When the “solution” is that easy, there’s not that much appetite for preventing the problem in the first place.
The low barrier to entry means people are constantly demanding low quality software to be produced. You don’t see “I have a $1,000 budget and want an airplane built similar to the F-35” requests. But in the software industry every day there are hundreds of projects similar to that being attempted. The outcome should not surprise anybody.
Software quality is something everybody wants but nobody wants to pay for.
um, really? I feel like people would notice for instance:
going down for 2 hours, and I’m sure Alibaba would be noticed as well, although I’m less sure of what they do (but don’t they run payment infrastructure? I think people would notice that)
Good software engineering exists; it’s just used to make sure cruise missiles hit their target. Why there is so much shitty software engineering is incredibly easy to answer; it’s because the industry is filled with libertarians who believe if the industry were regulated it would “curb innovation” and do no good except cut into their precious profits. That mentality is why the firm the DNC paid got away with making a cheap voting application without any public security oversight.
I’m slowly coming around to the need for software engineer licensing. If the Iowa Democratic party had hired an unlicensed engineer to design some bleachers for a campaign rally, and those bleachers collapsed, the designer and the people who hired him would be liable for the resulting injuries. You can’t just hire some bozo off the street to design a structure and expect a court to accept that. Except in software, it is perfectly normal to hire some bozo off the street and hope for the best.
In your system, would I need an engineering license to:
etc., all of which are or could be construed to be some form of software and/or IT engineering, and likely would be so construed by some troublesome/nosy person if a licensing scheme were imposed.
Meanwhile:
I have been agitating for many years for better interviewing and hiring practices in our industry, and I am always rebutted by people who insist that their companies, and seemingly all companies, use rigorous high-quality interview processes which require demonstrations of relevant knowledge and skills and ensure that they “only hire the best”.
Meanwhile, even if we could implement a theoretically ideal licensing scheme, it would mostly be about adherence to principles and practices which have been shown to produce reliable, functional software. But there are no such principles or practices. Everything from choice of tools to choice of design to choice of project styles is, at best, anecdotal and/or subjective. So a license to practice “software engineering” would be meaningless, since it would be an endorsement that someone is competent to perform a task for which we have no reliable measure of competence or performance.
What a strange straw man.
It’s not a straw man. You’re proposing licensing of software engineers working on ‘critical infrastructure’.
Care to define that?
You could lump everything from work on home Raspberry Pi servers (which may become compromised, and form part of DDOS botnets targeting core infra) to Excel spreadsheets driving core LOB apps. One I helped migrate to .NET, back in 2010 or so, was responsible for detecting fuel leaks in underground fuel systems. Should I have been licensed to work on that, as well as my home Pi server? If one, why not the other? The scope for carnage is similar, at least in the aggregate.
Would your proposal require that contributors to key open source software like GPSD be licensed, too? If so, who do you propose administers that?
It really can help. Of course licensing doesn’t completely eliminate failure, but I don’t think anyone can contest it’s a step forward wherever it’s instituted.
I absolutely will contest that.
There are numerous examples of licensing regimes being abused to shut down competition or even by governments themselves. Consider this infamous case; the guy in that case was advocating for changes to red-light timing and camera enforcement, and the state of Oregon tried to hit him with penalties for practicing engineering without a license (and, amusingly, he actually was an engineer, just not one specifically licensed by Oregon).
And any sort of requirement of licensing for “software engineering” would pretty much inevitably either A) have to be so broad you’d need professional licensing to make a personal website, or B) if it avoids that problem, so narrowly-construed that it wouldn’t do what you actually want it to do.
Do you have a link which isn’t paywalled? I cannot read what you posted unless I decide I want to help pay for Jeff Bezos’ personal propaganda outlet.
Anyways, without being able to actually read the article, it really seems like a ridiculous strawman to say that because the local Oregonian government did something stupid there shouldn’t be any procedure with which to verify that the people who inspect bridges and traffic systems to make sure they don’t kill you and your loved ones actually know what they’re doing and are trustworthy. As I’ve already said above, I consider it not a perfect solution, but a step forward, with no licensure and subsequently no greater developed alternative to licensure present being a step back. This is just as true as your silly argument about licensure requirements for software engineering, when there are clearly many pre-existing standards of knowledge for areas such as security, reliability, and privacy in software development, but because requirements for licensure may not be perfect we should just give up and not even attempt making a step forward.
Since I do not know which news outlets, or even which search engines, you might find politically acceptable or unpalatable, I will simply give you a search query – the name “Mats Järlström” – and allow you to perform a search on your preferred platform, for results on sites you feel comfortable reading.
Despite your repeated use of the word “strawman” to describe people in this thread, I note that what you’ve said here does not characterize what I said in the comment you were replying to. So while it may, charitably speaking, be a counterargument to something someone said somewhere, it does not engage with what I said, and as such I am unable to productively respond further.
“People” is interesting wording to use here considering I’ve only reacted to your posts with this phrase. You directly argued against “licensing regimes” without proposing anything at all except getting upset that the government is doing things you don’t like, what do you think that looks like besides “we should not have a system to verify people who give final judgement on critical infrastructure are trustworthy”?
https://www.oregonlive.com/portland/2017/12/state_board_concedes_it_violat.html
Yes they can, and do. From https://spectator.org/licensing-is-a-racket/:
Here in Victoria, the electrician licensing system was recently abused to shut down the “occupier’s license”, that allowed home owners to be certified to perform minor wiring changes in their own houses, after studying and taking an exam.
I was personally talking/thinking about engineering licensure, not twirling copper wires together in a good enough way that you don’t get electrocuted or burn a house down (for which obviously there should be licensure). In any case, an anecdote is an anecdote is an anecdote. And it’d be ridiculous to point at an anecdote like that and say “there shouldn’t be licensure to make sure the guy twirling your copper wires together is smart enough so that he doesn’t endanger himself, kill you, and destroy everything you own”
Perhaps I wasn’t clear.
You said: “I don’t think anyone can contest it’s a step forward wherever it’s instituted”.
I provided a) an example of someone contesting it, and b) an example from my own personal experience where a licensing system had been abused to shut down the licensure option for home-owners. That is, a licensing system had been abused as a form of protectionism favouring licensed electricians.
This comment reminds me of the fact that time drift introduced because Patriot missile systems run on 24-bit floating point meant that they let a Scud through during Gulf War I that killed 28 folks.
Christ. Do you have a link to a good writeup?
http://www-users.math.umn.edu/~arnold/disasters/patriot.html has a good summary
Good succinct technical report on it, thanks.
We have an industry on track to double the number of programmers in the next 5 years (a growth rate which has been pretty consistent for 50 years). Given that sustained rate of growth, it is a mathematical fact that 75% of programmers have been doing it fewer than 10 years.
The resultant training gap is huge - the vast majority of developers have near-zero exposure to the tools that would give them a fighting chance of doing a good job.
Even if teaching those tools were prioritized highly, there simply aren’t enough people familiar with them to do the teaching, and new entrants are not learning them.
Regulation would do many good things for the industry. Getting rid of shitty software is not even close to being one of them.
Yeah, it’s really sad how few standardized paths there are for mentorship. The development of junior programmers out of college (many of whom barely know how to use Git) is completely at the mercy of the firms that hire them, which can in some lucky cases land a developer in the presence of someone truly interested in helping them develop and grow, but it’s absolutely not the common one.
About that good engineering that goes into cruise missiles:
https://groups.google.com/forum/message/raw?msg=comp.lang.ada/E9bNCvDQ12k/1tezW24ZxdAJ
I would like to point out that leaking memory where it doesn’t matter != bad engineering. Good engineering involves navigating the problem space and finding the solution through that space which reliably arrives at the correct destination. Good engineering requires funding befitting the complexity of that problem space, and military contracting is exceedingly well funded.
This was mostly tongue-in-cheek, I like the story but do actually think it’s a memorable example of pragmatic engineering. I think it does also highlight that there are cost/benefit trade-offs to be found even in places we think of as having strict requirements though.
And if you’re being brutally pragmatic: how many soldiers’ lives would be saved by getting it into production sooner, rather than later having fixed the drift?
Except that the “Libertarians” in this case were paid and managed by the DNC. Trying to assign culpability to people based on their political philosophy is shitty trolling at best, and in this case also incorrect.
The DNC doesn’t run the Iowa caucus and it didn’t commission the app. The Iowa Democratic party does.
Sorry, I thought there was a hierarchy there that didn’t exist. (Pathetic excuse: I’m not American). But my point still stands, that criticising “Libertarian” developers for an underfunded, rushed project funded by Democrats is wrong in several ways.
The claim wasn’t that the developers of the app were libertarians.
The claim was that developers, by and large, fight against any attempt to regulate software development, resulting in a situation where anyone can take on jobs well beyond their ability to deliver.
Okay, that’s a reasonable interpretation.
But I’d argue that it’s still wrong to characterise the resistance to regulation as Libertarian[1]; the vast majority of developers aren’t Libertarian, and neither are the majority of lobbyists or the politicians they’re lobbying.
I think the majority of developers simply (and wisely) don’t want their industry regulated more than it already is, and the majority of lobbyists are just crooked opportunistic bastards (ohai TurboTax).
Edited to add: [1] In the sense that most people calling for progressive taxation aren’t Marxists.
You’re really splitting hairs about names for different free market ideologies when the firm paid was very obviously a glorified voting Startup which wouldn’t exist were the industry better managed.
I was irritated by what I saw as an attempt to blame a problem that really boils down to shitty leadership[1] on a political philosophy. In particular, one to which I (largely) subscribe ;)
Can you clarify what you mean by ‘better managed’?
I mean, yes, I agree that an awful lot of startups exist solely because of a) malinvestment by VCs, b) bubbles, c) attempts to basically defraud investors by encouraging them to sink money into snake oil.
Who do you think should manage the software industry, and how?
[1] You can’t con an honest man; you can’t realistically expect to get two good mobile apps for the time and money the Democrats spent.
I understood why you were irritated, but you cannot deny the fact that libertarian ideology is categorically opposed to governmental intrusion into markets, and you cannot pretend that the prevailing ideologies that software developers follow (the most popular from my American perspective being varying forms of free-market liberalism, which ime is the prevailing ideology of the DNC and also the umbrella under which libertarianism falls) don’t have an impact on what laws are lobbied for and blessed by us to regulate the development of software and how people may be held liable for mismanagement.
And I don’t think anyone would argue that cases such as these are problems of mismanagement, I believe we’re both in agreement on this, just as @pnathan wrote above,
I believe the far more valuable question to ask is not only why this happens (your answers being bad investment, bubbles, fraud), but why it’s been completely unmitigated. The prevailing solution over the last several decades has already been the liberal answer, which is to allow the markets to self-regulate themselves so that these issues may self-resolve, albeit at the cost of people’s livelihoods being thrown into precarity and the public building distrust and contempt for the software industry as a whole. In my honest opinion I think that this “solution” sucks.
In terms of what I would desire but we’re maybe at least a decade out from being a realistic political possibility? I believe that for the software the public uses at large, there should be legislature allocating funding for international organizations of software engineers to work on blessed open source projects, and legally obligating computing platforms to provide support to run that software, such as by relaxing DRM or providing the necessary code for their platform or device’s firmware to that organization. For software already provided by private firms to run for the public (including consumer operating systems, search engines, social networks, and of course, caucus voting applications), an international licensing system should be introduced by an organized body of software engineers to push for blessing by state legislation, with a protocol not too different from pre-existing engineering licensure, such that the licensed engineers of a project performing code reviews and such must approve released and provisioned versions of their projects, taking on liability for those projects saying that they do not violate security, privacy, and reliability standards blessed by the body which builds the protocol for licensure, and effected into law by local legislation. This body would also ideally provide mentorship programs such that junior engineers may be encouraged into more responsible practices and better understanding of their toolkit.
Honestly, there’s an unlimited number of possible schemes and the above may be flawed in little ways here and there, and may require a long term of lobbying and organizing to achieve (notwithstanding sabotage by corporations who may not find such a plan not to be in their interest), but I’d honestly be happy with literally any sort of step forward in building a framework of rules and liabilities for software development that meets a decent enough criteria.
This seems, well, wrong. Do you have any more information to support this claim?
Speak for yourself. Maybe if the IT industry would hire people outside of their comfort zone, they would stop rebuilding the same shitty house over and over.
There are people out there that can program differently and effectively, but HR and managers won’t hire them because they don’t know the jargon.
Or they do know the jargon but they’re not paid so they leave.
Software Engineering is great engineering. No other field can cut as close to the bone as is necessary here.
Good article; it’s all about the incentives and economics.
I wrote something similar a while back: https://journal.dedasys.com/2014/09/24/perfect-software-versus-economic-reality/