1. 4

    Man, there’s so many people that don’t read anything.

    I currently fill the role of IT and it’s absolutely bonkers the stuff people get stuck on. It’s so basic, and the screen is telling you what’s wrong, but people aren’t even parsing it.

    1. 3

      The irony here is that the article claims that people actually do spend a significant amount of their time reading compiler errors.

      1. 3

        The bonus irony is that it’s discussing a paper that, guess what, no one will read! Because it links to a paywalled version of it instead of the author’s copy available freely on their web site: https://people.engr.ncsu.edu/ermurph3/papers/icse17.pdf

    1. 25

      A quick, rough timeline:

      • 2005: git is released, and Junio Hemano becomes the core maintainer
      • 2008: the first thread about staging on the linked article, and, GitHub is formed
      • 2021: 13 years later, this is still a thing

      There’s something about “we can’t change this, what about all the people using this” in the early days, becoming an issue for far far longer and for far many more people, that feels like a failure mode.

      1. 31

        I’m reminded of the anecdote about make: Its original author used tab characters for indentation in Makefiles without much thought. Later when they decided to add make to UNIX, they wanted to change the syntax to something more robust. But they were afraid of breaking the ten or so Makefiles in existence so they stuck with the problematic tab syntax that continues to plague us today.

        1. 11

          Your comment reminds me of the origin of C’s confusing operator precedence rules:

          Eric Lippert’s blog post “Hundred year mistakes”

          There were several hundred kilobytes of existing C source code in the world at the time. SEVERAL HUNDRED KB. What if you made this change to the compiler and failed to update one of the & to &&, and made an existing program wrong via a precedence error? That’s a potentially disastrous breaking change. …

          So Ritchie maintained backwards compatibility forever and made the precedence order &&, &, ==, effectively adding a little bomb to C that goes off every time someone treats & as though it parses like +, in order to maintain backwards compatibility with a version of C that only a handful of people ever used.

          But wait, it gets worse.

          1. 18

            I think this article includes a logical fallacy. It assumes that whatever you’re doing will be successful, and because it is successful, it will grow over time. Since it will grow over time, the best time for breaking changes is ASAP.

            What this logic ignores is that any tool that embraces breaking changes constantly will not be successful, and will not grow over time. It is specifically because C code doesn’t need continual reworking that C has become lingua franca, and because of that success, we can comment on mistakes made 40+ years ago.

            1. 6

              Sure, but this error propagated all the way into Javascript.

              I’m not saying C should have changed it. (Though it should.) But people should definitely not have blindly copied it afterwards.

          2. 3

            I’m curious why you think it is problematic? Just don’t like significant whitespace? But make also has significant newlines…

            1. 3

              For me it’s because most editors I’ve used (thinking Vim and VSCode) share their tab configs across file types by default.

              So if I have soft tabs enabled, suddenly Make is complaining about syntax errors and the file looks identical to if it was correct. Not very beginner friendly.

              1. 4

                IIRC Vim automatically will set hardtabs in Makefiles for you. So it shouldn’t be a problem, at least there (as long as you have filetype plugin on).

                1. 2

                  I always make sure to have my editor show me if there are spaces at the front of a line. Having leading spaces look the same as r trb is a terrible UX default most unfortunately have

              2. 2

                Thanks, I hate it

                1. 1

                  What was the problem with tab syntax?

              1. 2

                Can you please help me understand the use case?

                Is this so that if you have multiple docker-compose files that you want deployed to a single machine this makes that easier?

                When I saw the initial blurb I got excited thinking this might help me deploy docker-compose apps to different machines in my cluster, but I didn’t get a sense of that from the README?

                1. 2

                  Yes, this is for deploying multiple Compose apps on a single machine. Is your use case for something more like Kubernetes?

                  1. 3

                    You might consider explicitly mentioning this fact in your project README so it’s clear to prospective users what you’re offering.

                    Thanks for the response and for open sourcing your project!

                    Kubernetes always felt incredibly heavyweight for my simple needs. I ran it here for a while but since I do zero clustering

                    I have a couple of machines in my ‘homelab’ running ProxMox. Those machines host various VMs which themselves host Docker containers for the apps I want to run.

                    If anything, perhaps something like Ansible would be a better choice, I just haven’t invested the time and energy to encode the various docker-compose files I have into Ansible playbooks.

                    1. 2

                      I’ll definitely mention that, thanks! I think Harbormaster can still help you, what I didn’t like about the various other solutions was that there was no discoverability. None of them had a canonical list of apps that ran on a machine, whereas with Harbormaster you know what’s running where.

                      If you aren’t running the same app on N machines, you can just set up one Harbormaster config per machine and that’s it!

                      1. 2

                        Look into Nomad if you haven’t already.

                        1. 2

                          You’re easily the 3rd or fourth person to suggest that. I will absolutely get on it!

                  1. 2

                    This looks quite similar to what I ended up with for our internal infrastructure.

                    This looks pretty solid, definitely some stuff that we could learn from here!

                    Ours is k3s + CloudFormation with EC2/NLB/Route53/RDS/etc + nginx-ingress (or ingress-nginx? I can never remember) + buzzfeed-sso + Vector + Grafana + Prometheus + Loki based currently.

                    1. 1

                      How are you finding Loki? One of my teammates evaluated it at work and they found a bunch of scaling and reliability issues. Granted, part of that may be related to the scale we were trying to run it at.

                      1. 1

                        Sorry, missed this somehow.

                        It’s been somewhat of a pain in the ass, but a different type of pain in the ass compared to ElasticSearch. We’re definitely below average scale. Biggest issue has been out of order logs causing issues.

                        1. 1

                          No worries, thanks for getting back to me! I started building an alternative to Loki based on similar principles to its design, right now just a POC. I’ve been wondering if others had enough problems with Loki that it was worth building out, your experience is another data point that it is 🙂

                    1. 13

                      Even if you perform all file open and write I/O on a single thread and use a background thread pool only for calling CloseHandle(), you can see a >3x speedup in time to write files.

                      Yikes!

                      1. 6

                        The CloseHandle() one was the biggest surprise for me, hunting down and finding Windows Defender / AV as the culprit must of been quite the pursuit. Interesting that the work around can end up being faster than Linux!

                        1. 7

                          There’s also another issue there, which is an exclusive lock is used as part of CloseHandle() that’s acquired shared when writing data to disk. This means that even without a virus scanner, it’s possible to open a file, write to the cache (at memory speed), then close the handle and the close will wait for that data to get written to disk. It’s a race condition based on when the system decides to write the cache, but it’s not that unlikely when running a build that writes a lot of data into the cache.

                          Edit: That said, the solution of processing CloseHandle() in the background has big caveats. A lot of work in CloseHandle is required to be synchronous, to do things like deleting the file if needed, releasing sharing modes to allow future opens, releasing byte range locks, indicate to other services that the file has changed, etc. Doing this asynchronously may or may not be acceptable - if the app is never going to try to open another handle to the file and is not deleting it, it doesn’t matter, but it’s not safe to generically defer this work without risking introducing sharing violations.

                          Edit #2: As far as hunting it down, xperf is … well, I can’t say xperf is great, but it can capture a lot of data. A flame graph in wpa takes a while to render, but it highlights things like APIs that take more time than you expect very easily. The harder part of performance work is wait chain analysis where something is waiting for something that’s waiting for something (etc) with all kinds of different synchronization primitives and you want to know why it’s not moving.

                          1. 4

                            While I didn’t realize it at the time, the cause for this was/is Windows Defender.

                            These are my favorite, where you know that something is a problem, but never get to figure out why. And then you find the why some months later, and go “oh holy shit!”

                            1. -1

                              hunting down and finding Windows Defender / AV as the culprit must of been quite the pursuit

                              Do you mean must have been?

                          1. 9

                            I always hated fullscreen exclusivity. It seemed to always break my system whenever I closed out of the game, or even alt-tabbed out (which would usually take several seconds for things to appear). Very annoying when a game was unresponsive and you couldn’t reach task manager.

                            1. 5

                              Same, I initially didn’t want to support it at all for that reason—one interesting thing I discovered when writing this up but didn’t elaborate on in the post is that it’s actually possible to go exclusive without that breakage, but nobody seems to do it intentionally!

                              Most games fiddle with the display settings when you’re in exclusive mode, and upon losing focus they have to revert their changes. This causes a hang, and if they don’t properly set CDS_FULLSCREEN to make their changes temporary it’s also likely what’s causing things to be weird after exiting.

                              There may have been a time when changing the display settings was necessary, but it’s not currently necessary on any of the setups I tested, and it doesn’t appear to have measurable performance benefits (though the tests I ran to conclude that were admittedly less thorough.)

                              If you get exclusivity without calling ChangeDisplaySettings, you’ll lose a few frames and get a much quicker flash when alt tabbing or such, but it’s nothing compared to the pain of trying to alt tab from a fullscreen exclusive game as normally implemented!

                              1. 4

                                Windows 10 and DXGI 1.4 vastly improved exclusive fullscreen, prior to that it was extremely finnicky and fragile.

                                1. 3

                                  Ah, I didn’t realize that. It’s super finicky now so I can only imagine what it must have been like before Windows 10!

                            1. 13

                              Do not run malicious code in docker. This is an extremely risky decision to have made.

                              1. 7

                                Indeed, Ghidra is available in many distros and is not hard to use for basic static analysis. The author took a massive risk and a thoughtful attacker will be ready to exploit this kind of panicked decision.

                                1. 2

                                  I have some intuition on why that would be bad, but could you go into more detail of what types of harm could come from this? Are there container escapes?

                                  1. 3

                                    Container escapes are trivial.

                                1. 65

                                  My vote goes to 1Password, for ease of use, built in security model (client side encryption), versatility in handling all kinds of data (notes, credit cards, etc) and reliability of the plugins to work with all websites and apps. Other password management apps that I’ve tried have frequently had problems with some websites. Sometimes 1Password still has edge cases where e.g. 2FA is not automatically filled in and you have to copy paste it manually. But I haven’t seen a better app yet.

                                  1. 6

                                    Yeah, me too. I ended up at 1Password after trying a lot of both offline and online systems.

                                    1. 2

                                      Have you had a chance to compare it with LastPass?

                                      1. 6

                                        My work used LastPass and I couldn’t have created a worst UI if I’d tried. There was no easy way to generate a new password. It took three clicks in non-obvious places to get to it.

                                        1. 2

                                          I used LastPass for several years before switching to 1Password a year ago. Wish I had switched earlier. LastPass’s UI design needs a lot of work and over time actually got worse with various annoying small bugs.

                                          1. 2

                                            Hard no to LastPass. I used it years ago, audited it one evening on a lark, found a few vulns, reported them, a couple got fixed, a couple got me told to fuck off.

                                            And also, LastPass: Security Issues

                                            1. 2

                                              When I previously used LastPass, there were some weird differences between the browser version and the desktop version - there were some things that each of them couldn’t do.

                                              One oddity worth noting - I don’t use the desktop app with 1Password. I’ve found their browser extension, 1PasswordX, to be more stable (it also has the benefit of working on Linux).

                                              I believe with the addition of HaveIBeenPwned integration on the LastPass security dashboard, they’re pretty much similar feature wise (though maybe 1Password can store 2FA tokens). I’ve used 1Password because it felt way less clunky than LastPass and it doesn’t require me to install a random binary on my Linux machines in order to access my passwords.

                                              1. 1

                                                I switched to 1Password from LastPass a couple years ago and haven’t looked back.

                                                LastPass got unusably slow for me after I had more than a few hundred entries in it. I don’t know if they’ve fixed their performance problems by now, but I can’t think of anything I miss.

                                            2. 5

                                              Long time 1Password user here. It’s by far the best tool I’ve ever used. And I believe it goes beyond the application itself, as the support team is also great. Given a matter as sensible as all my credentials to login into several different services, having good support is mandatory IMO.

                                              1. 4

                                                1Password here too. Excuse the cliché, but it just works. The cost is minimal for me — $4/mo, I think.

                                                I’ve been slowly moving some 2FA to it, but it seems dependent on 1Password itself detecting that the site supports it vs. something like Authy where I can add any website or app to it.

                                                1. 4

                                                  I just switched to 1Password after 5-10 years on Lastpass. There’s some quirks, it’s not perfect, I generally prefer it to Lastpass.

                                                  The only thing Lastpass truly does better is signup form detection. Specifically I like the model Lastpass uses of detecting the form submission, 1Password wants you to add the password prior to signing up, which gets messy if you fail signing up for some reason.

                                                  1. 2

                                                    1Password wants you to add the password prior to signing up, which gets messy if you fail signing up for some reason.

                                                    Oh yeah, this is a constant frustration of mine. ALso, whenever I opt to save thep assword, I seem to have a solid 4-5 seconds of waiting before I can do this. This seems to be 1Password X, FWIW. Back in the good old days of 1Password 6 or so when vaults were just local files, the 1P browser extension seemed to save forms after submission.

                                                  2. 2

                                                    I’ve been able to get my whole family onto a secure password manager by consolidating on 1Password. I don’t think I would have been successful with any of the other options I’ve found.

                                                  1. 78

                                                    Backlash against Kubernetes and a call for simplicity in orchestration; consolidation of “cloud native” tooling infrastructure.

                                                    1. 18

                                                      I’m not sure if we’ve reached peak-k8s-hype yet. I’m still waiting for k8s-shell which runs every command in a shell pipe in its own k8s node (I mean, grep foo file | awk is such a boring way to do things!)

                                                      1. 15

                                                        You must not have use Google Cloudbuild yet. They do… pretty much exactly that, and it’s as horribly over-engineered and needlessly complicated as you can imagine :-D

                                                        1. 4

                                                          I haven’t worked with k8 yet but to me all of this sounds like you’ll end up with the same problems legacy CORBA systems had: Eventually you lose track of what happens on which machine and everything becomes overly complex and slow.

                                                        2. 13

                                                          I don’t know if it will happen this year or not but I’ve been saying for many years that k8s is the new cross-language J2EE, and just like tomcat and fat jars began to compete we’ll see the options you’re discussing make a resurgence. Nomad is probably one that’s already got a good following.

                                                          1. 7

                                                            I understand where you’re coming from but I don’t think it’s likely. Every huge company I’ve worked with has idiosyncratic requirements that make simple deployment solutions impossible. I’m sure there will be some consolidation but the complexity of Kubernetes is actually needed at the top.

                                                            1. 1

                                                              We’ve been on k8s in some parts of our org for 2+ years, we’re moving more stuff that direction this year though primarily because of deployments and ease of operation (compared to alternatives).

                                                              We don’t use half of k8s, but things are only just now starting to fill that gap like Nomad. I think we’re probably at least a year off from the backlash though.

                                                            2. 4

                                                              I won’t be surprised if the various FaaS offerings absorb much of the exodus. Most people just want self-healing and maybe auto-scaling with minimal yaml. Maybe more CDN edge compute backed by their KV services.

                                                              1. 1

                                                                Which FaaS offerings are good? They are definitely less limited than they used to be, but do they deal with state well and can they warm up fast?

                                                                I haven’t seen any “reviews” of that and I think it would be interesting. Well there was one good experience from someone doing astronomy on AWS Lambda

                                                                https://news.ycombinator.com/item?id=20433315

                                                                linked here: https://github.com/oilshell/oil/wiki/Distributed-Shell

                                                                1. 2

                                                                  The big 3 cloud providers are all fine for a large variety of use cases. The biggest mistake the FaaS proponents have made is marketing them as “nanoservices” which gives people trauma feelings instead of “chuck your monolith or anything stateless on this and we’ll run it with low fuss”.

                                                                  “serverless” and “function as a service” are both terrible names for “a more flexible and less prescriptive app engine”, and losing control of the messaging has really kneecapped adoption up until now.

                                                                  Just like k8s, there are tons of things I would never run on it, but there are significant operational savings to be had for many use cases.

                                                              2. 4

                                                                I wish, but I am not hopeful. But I have been on that bandwagon for years now. Simple deploys make the devops folks love you.

                                                                1. 1

                                                                  For those in the AWS world, I like what I’ve seen so far of Amazon ECS, though I wish that Fargate containers would start faster (i.e. 5 seconds or less).

                                                                1. 6

                                                                  I wish there was more material on becoming Powershell-literate, specifically. Most of the stuff out there is just for sysadmins, I’d love a more programmer oriented bent. Maybe it’d make me miss linux less!

                                                                  1. 3

                                                                    Powershell always seemed really verbose and and a lot of typing to me; not bad for some tasks, but also not great for interactive usage.

                                                                    1. 3

                                                                      First-class tab completion available for all cmdlets is a big part of making it suck less.

                                                                    2. 2

                                                                      I hard-abandoned Powershell after I realized that it returns different shaped data types depending on if a command returns zero, one or more items. I forget what the scenario was. I initially started building Jump-Location in pure powershell but abandoned it for a C# commandlet after this experience.

                                                                      1. 2

                                                                        I’ve always been a Windows focused programmer, but I’ve felt that PowerShell has always been an IT/Sysadmin tool rather than programmer focused. These days I just use WSL and life is just better.

                                                                      1. 1

                                                                        The packaging on this looks super slick. Those are some of the best docs I’ve ever seen.

                                                                        That being said, where does this fall in the stack exactly? What does it replace?

                                                                        Let’s say I had a Grafana/Loki+Promtail/Prometheus/Jaeger setup or ELK stack (maybe with fluentd instead of logstash).

                                                                        Why and where would I want this?

                                                                        1. 3

                                                                          Good question! We’re hoping to make use cases more clear with a new website in the coming weeks.

                                                                          We are positioning Vector as the only tool needed to collect, process, and route all observability data. Our intent is to replace Prometheus exporters, Telegraf, Fluent, Logstash, Beats, Splunk forwarders, and the like. If you zoom out, we think Vector can serve as an observability data platform that puts you in control. Use cases include:

                                                                          • Cost reduction by sampling and cleaning data.
                                                                          • Cost reduction by separating the system of record from the analysis. (Ex: using S3 as your system of record and sampling data sent to Splunk).
                                                                          • Cost reduction by simply using less internal resources for processing observability data.
                                                                          • Security/privacy compliance through data redaction and other security features.
                                                                          • Prevent lock-in by decoupling data collection and processing from your downstream vendor(s).

                                                                          And finally, we hope that Vector provides a better data catalog than the tools I mentioned above, so it will play an active role in improving the insights you get from this data.

                                                                          Let me know if that helps!

                                                                        1. 1

                                                                          Thanks for this, I have Grafana setup already with InfluxDB and my weekend project is setting up Promethus + Loki!

                                                                          1. 6

                                                                            I wish more tools would learn from other tools. I haven’t ever really seen Perforces Time-lapse view replicated many other places for example. It’s fantastic and I wish git tooling would evolve from it.

                                                                            https://www.perforce.com/video-tutorials/vcs/using-time-lapse-view

                                                                            1. 4

                                                                              Somebody did create one for git in Vim and I maintain a fork people might find useful - https://github.com/junkblocker/git-time-lapse

                                                                            1. 5

                                                                              Great writeup! I wish there were more self-contained examples for how to use pg (and honestly other SQL systems) for stuff that isn’t just libraries, banks, or scheduling.

                                                                              I’m not entirely sure I agree with having a different table per event type, since I usually use a hybrid approach of event name/string column plus a json details column, but they made it work and work well.

                                                                              As a side statement, I want to point out how little (relatively) code this takes compared to the same implementation in other languages. Like, it’s nice to see a clear reminder of how the worldview of a language helps simplify a problem.

                                                                              1. 2

                                                                                One thing we’ve started using pg for lately is a Message Queuing Service, ala AWS SQS. It has built in support for it and works fantastic.

                                                                              1. 9

                                                                                This analogy resonates really well with me because I used to be terrible about flossing but then I got a water pik. Now I “floss” everyday. Maybe the “water pik of software correctness” is out there.

                                                                                1. 7

                                                                                  This comment convinced me to take my water pik out of storage. As some one that loves software correctness but is bad at flossing.

                                                                                  Thanks lobsters.

                                                                                  1. 3

                                                                                    I was thinking the same kind of thing, but then about gum picks. Flossing is annoying, but using gum picks is a breeze and achieves a better result.

                                                                                  1. 1

                                                                                    Any specific reason you have /httpserver rather than /internal/httpserver?

                                                                                    1. 2

                                                                                      Not the author, but I personally don’t think there’s always value to hiding all the packages in internal if your exported artifact is a binary… it adds one extra path component to the import path everywhere with minimal benefit. As an example, I’d rather import github.com/belak/something/models rather than github.com/belak/something/internal/models.

                                                                                      I agree that there’s value for libraries, but this is specifically an http server template.

                                                                                    1. 11

                                                                                      Do you know either language?

                                                                                      Use the one that you know.

                                                                                      If you love working with Python, then I’d suggest Go. Rust would likely be too much cognitive overhead for little benefit.

                                                                                      1. 5

                                                                                        Interesting. I would have the exact opposite reaction. Go will make you think about raw pointers and that kind of thing, whereas rust you can write at a high-level like Python.

                                                                                        Totally agree use the one you know unless you have a desire to learn a new one.

                                                                                        1. 18

                                                                                          If pointers are too much cognitive load then Rust’s lifetimes and ownership juggling is going to be way worse. I’d say that the comparison is more that Python and Go are not particularly functional languages, while Rust obviously is (and that’s the appeal of it to people who like functional languages).

                                                                                          If Rust is faster for a given use case that’s a more like-for-like basis for comparison, but then you might want to use Fortran to go even faster depending on the use case. ;-)

                                                                                          1. 4

                                                                                            Admittedly I’ve invested time in becoming comfortable with Rust, but I actually concur – after gaining some familiarity, Rust feels much higher level than Go.

                                                                                            1. 6

                                                                                              Rust does can definitely operate at a higher level than Go, but it also has a lot more cognitive overhead.

                                                                                          2. 5

                                                                                            Pointers in Go are pretty trivial to work with, and I say this coming to Go from Ruby. Basically your only concern with points are “they can be nil,” otherwise you barely need to differentiate between pointer and structs if you’re writing idiomatically (that is a gross oversimplification and there are performance implications at times, but it’s extremely unlike C/C++ in this respect).

                                                                                        1. 6

                                                                                          Note the use of pointers, this forces other systems to take care of the actual storing of objects, leaving the physics engine to worry about physics, not memory allocation.

                                                                                          The wording makes it sound clever, but now we’re just jumping around memory and this system is now 10x slower than it could be :/

                                                                                          1. 3

                                                                                            Why? They could all be pointers to memory blocks that are close to each other, and the allocator for this type of object could just return from there (eg. arenas). The main issue seems to be that you can’t ever “move” any object now bc. all of the pointers to it would be invalidated. So maybe it’d’ve been better as a ‘sparse map’ (id map to indices into a contiguous array, when you delete you can swap the last element in keeping elements contiguous); but it depends on tradeoff between that map lookup and complete contiguousness.

                                                                                          1. 4

                                                                                            AMP is probably my least favorite thing to happen to the internet in the last ~3 years.

                                                                                            Does it bring me anything of value? Slightly faster load times /sometimes/ ?

                                                                                            1. 3

                                                                                              Nope. It brings you and me confusion and Google ad revenue. I’m frustrated that it’s effectively a centralization push for aspects of the Internet that have historically be decentralized.

                                                                                            1. 18

                                                                                              The expectations of a professional/licensed engineer can be fulfilled whether producing code or writing emails as much as they can by building bridges. I studied electrical engineering (and computer science) but haven’t touched a circuit in 4 years. Currently I’m applying for professional recognition, and of the 16 competencies the body wants to see, there is no requirement for anything physical.

                                                                                              This body’s definition of what makes an engineer includes:

                                                                                              • ethical behaviour
                                                                                              • how you analyse problems
                                                                                              • how you keep up to date on industry practice
                                                                                              • how you communicate with peers and stakeholders
                                                                                              • how you manage risk

                                                                                              Some lessons I feel can be learnt from software practices: Agility, being able to plan for uncertainty particularly for problems where the solution is not known immediately; Revision management, version control was one of the first things I learnt in software and I’m constantly explaining to traditional engineers why it’s important for any publication.

                                                                                              Some lessons I feel software practices could learn from traditional engineering: Stakeholder management; problem analysis (surprised how few sketches and produced for software systems compared with even the management systems I work with); communication.

                                                                                              I’d say anyone working with software - from coder to management - can fulfill the behaviours expected of an engineer; many engineers build their communities without ever touching CAD or concrete.

                                                                                              1. 4

                                                                                                Forgive my ignorance but how exactly do they define ethical behaviour?

                                                                                                I’d argue that someone working on literal bombs is highly likely more of an engineer than I am, yet I find that much much much less ethical than anything I’d ever work on.

                                                                                                1. 3

                                                                                                  They would define it in a way that doesn’t touch anywhere close to that. I think it is the same way that Christian theology was able to exclude war acts from the “do not kill” thing. Any government recognized organization would be expected to do the same leaps.

                                                                                                  I suspect any safety considerations attached to ethical behavior would be for things not including when the thing drops from the sky. Like not accidently blowing up when being hit lightly by a hammer…

                                                                                                  1. 3

                                                                                                    Search for “{name of institution} code of ethics” to answer this. Some examples:

                                                                                                    And specifically in computering:

                                                                                                    1. 3

                                                                                                      Bombs are not unethical.

                                                                                                      You could use bombs to excavate a mine. You could use bombs to stop a horde of murderers coming to your town.

                                                                                                      If it is ethical to kill in self-defense, then it is ethical to build tools that could be used to kill in self-defense.

                                                                                                      1. 4

                                                                                                        Maintaining ignorance towards what your employer will use your work for, because hypothetically it could be used for something not-unethical, is not ethical behavior. You can assume that in OP’s question they’d be working for the military industrial complex.

                                                                                                        The only thing necessary for the triumph of evil is for good men to do nothing. As an engineer, you can make a difference. You’re a scarce resource. Simply choosing to work in a place that does good takes labor away from places that do evil or do “nothing”. And your wage will always be good enough to not have to do “nothing” at a place that does evil.

                                                                                                        1. 3

                                                                                                          The idea that it is ethical to kill in self defence is not universal. There are some that argue it is better to die than to kill. Also, though you could use a bomb to excavate a mine, that is not it’s purpose. Bomb is defined in wiktionary as “An explosive device used or intended as a weapon”. If an explosive device is designed and used for excavation it is not a bomb.

                                                                                                          Sorry to nitpick, I know these points are very niche. I simply want to point out that the statement ‘bombs are not unethical’ is open to debate.

                                                                                                        2. 2

                                                                                                          The other response to your comment (leeg) is spot on. For example, the organisation I’m seeking to recognise me has a code of ethics defined by: Demonstrate integrity, Practise competently, Exercise leadership, Promote sustainability. Deeper definitions are available in their code, and these definitions would allow defence workers, infrastructure builders, and software implementers to practice within their ethical framework.

                                                                                                          Part of such recognition is picking a professional body which is compatible with your personal code of ethics. If you are seeking people who have such recognition, then you could use the recognising body’s code of ethics to evaluate these people.

                                                                                                          Coincidentally, hours after my previous post I met an engineer who worked with bombs, though his were used to dig tunnels for highways and rail ;)

                                                                                                        3. 1

                                                                                                          When I took some EE a decade ago (switched to computer science, didn’t have the will to endure EE), I remember they had some specific reason why “software engineering” wasn’t an engineering discipline. I only wish I could remember what it was. I believe in Canada it wasn’t recognized at the time. The engineers saying this were certainly within the bounds of “physical engineering” - that is to say, their craft built upon real physical things instead of upon an “world”/architecture we as a species defined.

                                                                                                          I much prefer the list you have. I feel that is the a great direction for the industry.

                                                                                                          1. 2

                                                                                                            If you’re interested in further depth on this, Engineers Australia is the organisation I’m referring to. People who undertook accredited study and work with software, whether it be computer games or medical devices, can be recognised as professional engineers based on their behaviours rather than strict preconceived notions (such as typically evidenced by exam).