Comment by noosphr

Comment by noosphr 3 months ago

22 replies

View on Hacker News

>The best chemical engineer isn't the one that knows the pressure at which chlorine tanks fail, they are the one that knows chlorine gas can be stored in a garage in coke bottles.

I look forward to the day that software 'engineers' are held accountable to the same degree that all other engineers are.

I've written software for industrial machinery that can kill people if it went wrong. It's amazing how much your views on software change when you realize that your accountability starts at manslaughter and goes up from there.

A human life is valued at around $10m in the developed world, incidentally my first real job was fixing an excel spreadsheet that caused $10m in trade losses after the API it called for exchange rates went stale.

I'm not saying that we arrest everyone who writes a spreadsheet to help them with their job. But _someone_ should have their head on the line when it becomes a business process without oversight that can cause millions in losses, damages or bills.

Mountain_Skies 3 months ago

I look forward to the day when software engineers have the autonomy that licensed engineers have, so they can tell managers no and if the manager goes around the engineer, the manager and the company end up directly liable for the damage they create.

Reply View 13 replies
  • godelski 3 months ago

    These are in fact the same thing. It is because an engineer can be held liable that results in them being willing to say no. In general, they probably won't be prosecuted, but a common reason for this is that there will be written records of engineers telling management that there are concerning risks. This also results in the job of a Professional Engineer, who is a person who legally puts themselves on the line. They get paid very well and for good reason, they have a lot on the line themselves.

    I suspect that a big reason CS is not held to the same standards is due to abstraction and that it is still new. But we do live in a time where bad code can get people killed (control systems are the easiest examples), just as building a faulty bridge will. I just hope we don't need a Tacoma Bridge to cause change. Obviously it is harder to figure out things that are more abstract like Social Media (can provide both good and harm).

    But I'd say, you can always say no. If you're not saying "no" now, that's still a choice you've made. A job is very persuasive, and I'm not saying you're bad for just keeping your head down, just that people should consider where they'd draw the line. The line is personal and different for everyone (which is okay!). Having taken traditional engineering courses, I'll note that ethics is frequently discussed and you're likely to be told you should try to define your line before you asked to cross it. If you don't, you'll likely to cross the line without knowing, as you just didn't know what it looked like. You can always redefine the line as you get more resolution (it continuously updates) but it's much harder to say "no" when you haven't given it much thought.

    Reply View 12 replies
    • necovek 3 months ago

      The main reason we are at a point we are is that it is possible to build very complex software systems cheaply: both the tools and building blocks are abundant and available to everyone.

      If an engineer tried to build a skyscraper or a bridge, they'd meet challenges other than them having knowledge or professional certification.

      And to your point, if anyone ever asked an engineer to insert another floor between 8th and 9th floor of a 15 story building, they'd laugh at them. In software engineering, this is possible even if hard.

      And finally, because of software living a much different life, it will be hard to define criteria for good software.

      Reply View 11 replies
      • whstl 3 months ago

        > And to your point, if anyone ever asked an engineer to insert another floor between 8th and 9th floor of a 15 story building, they'd laugh at them. In software engineering, this is possible even if hard.

        Bingo.

        For building engineers this is chuckle worthy. For software engineers, it's Wednesday.

        Reply View 0 replies
      • nearting 3 months ago

        > And to your point, if anyone ever asked an engineer to insert another floor between 8th and 9th floor of a 15 story building, they'd laugh at them. In software engineering, this is possible even if hard.

        Ah yes, another cocktail party idea [1] where a software engineer pretends like they understand civil engineering.

        [1] https://danluu.com/cocktail-ideas/

        Reply View 8 replies
      • godelski 3 months ago

        I think you misinterpreted. I mostly agree. But people do program things like cars, planes, and other things that can literally cost human lives.

        The judgement isn't made on if mistakes happen, but if those that built the thing should have known better. You don't get sued when you legitimately don't know, but you can't be infinitely stupid either. It's about if you should have known. This does include things like not spending enough time or research determining if something is safe, because you can't just avoid answering a question that a reasonable person would have asked. And it has to lead to harm being done.

        It can help to see what the lawsuits are about. Like Takoma Airbags case[0] where they're being charged with knowing issues. It's for knowingly doing something bad. But you can't avoid asking questions, like in the Challenger Shuttle disaster[1] both NASA and Thiokol ignored signs that the O-rings being used were potentially dangerous and ignored concerns from engineers. While they didn't know the O-rings were defective in cold weather they should have known.

        With more abstract stuff like Social Media, yeah, we're not in clear cases that are doing harm. No one is going to be prosecuted for inventing nor even building social media. But you can have knowingly harmful practices like manipulating users feeds without consent to perform testing to see if you can make users more happy or sad[2]. The issue isn't that the experiment happened, but that you're experimenting on humans who did not knowingly give consent. You couldn't do that type of a thing with people offline. Offline you need consent before experiments. And you can't just say they'll subject to any experimentation with no warning and grant this privilege indefinitely. Because you should be asking if your experiments might harm people and there's a reasonable belief that it might cause harm.

        And on the other hand, no one is asking that the devs at wikipedia be sued or lose their programming license just because they created a dark mode where the radio button has an option of "system" but is defaulted to "light". Nor because they didn't go to the lengths is would be to make sure all images properly render when viewed in dark mode. These don't cause harm. Annoying and easy to fix issues, but no real harm has been done. Just petty issues.

        It can definitely be fuzzy at certain points, especially as all this is new, but it is also okay that things become more defined over time as we learn more. The point is to keep ethics in mind and to be thinking of the consequences of your work. No one is in trouble if you don't hurt someone but you can't walk around never considering the consequences of your actions. It's the work version of not allowing an excuse of "I was just following orders" or "I was just delivering them, I didn't know what was in them". This is not some belief that people should be sued just because they wrote shitty code. But they could IF someone gets hurt AND you used AI to write code because it is cheaper than a person AND knew that the code being written could harm someone.

        [0] https://www.justice.gov/criminal/criminal-vns/case/united-st...

        [1] https://en.wikipedia.org/wiki/Space_Shuttle_Challenger_disas...

        [2] https://techcrunch.com/2014/06/29/ethics-in-a-data-driven-wo...

        Reply View 0 replies
whstl 3 months ago

I don't think this is gonna happen until we're able to say no to stupid shit pushed on us.

When working as an electrical engineer I never had co-workers fighting me on whether I should do stuff that goes against building code. My building engineering friends never had a product manager say "trust me, we don't need this load bearing wall".

I know of engineers who did stupid shit at work and got their license revoked, and even some famous ones went to jail.

Of course there is the famous Steve Jobs story [1] where he forced Burrell Smith to do a stupid PCB and it didn't work, but Jobs was at least willing to accept that this was a test and would take the fall for the spent money.

[1] https://folklore.org/PC_Board_Esthetics.html

Reply View 0 replies
Wurdan 3 months ago

I look forward to the day when "good code" becomes as obvious as the best practices in some other engineering disciplines.

I like the Practical Engineering YT channel and one thing I always find interesting is learning about all the research and guidance that exists for things I never thought of. Like there are 400 page documents on how to implement drainage in dams based on decades of experience and post-mortem investigations when things went wrong.

But it feels like every time I'm involved in a software project, we're starting almost from scratch and just incrementing towards an unknown future which is "good enough". Even if you have a team of experienced developers then the Best Practices at the start of the project are not what they were 2 years prior. The tools that they used on their past projects have evolved (or been deprecated). Or maybe they're being asked to do a bunch of data engineering where they previously did full stack Web development, because org structures are fluid and many IT leaders feel that good engineers can solve any problem with code (ignoring the idea of specialisation).

This is not to disagree with your point, but more to say that a lot of the infrastructure and professional norms around classical engineering disciplines just aren't there (yet) for developers.

Reply View 1 reply
  • okwhateverdude 3 months ago

    > infrastructure and professional norms around classical engineering disciplines just aren't there (yet) for developers.

    I honestly doubt it will ever get there. Our profession pretty much materialized over night in comparison to other disciplines, and in a rapidly evolving environment, with a much broader application. Only so many bridges/dams/buildings are built in a given time frame and have such incredible capital costs, and human life costs if they get it wrong. It makes sense to carefully curate who and how those things get built. The vast majority of software on the other hand, unless it is for medical/construction/factory equipment that can kill people, is usually super low stakes. And with the democratization of programming in general, even your VBA-curious business analyst can do it in their spreadsheet. Sure I can do the pro se thing in court (and lose my life/freedom), read webmd and treat my own cancer (and die), build my own dam (and flood my neighborhood), but we gatekeep those professions because of the dire consequences of fucking it up. Until software more broadly has those kinds of consequences, there will be no licensure.

    Reply View 0 replies
lijok 3 months ago

I am very glad to hear the positive tone of discourse happening under your thread. I've been arguing for regulation for the software "engineering" "profession" for over a decade now, and am usually met with dramatic recoil.

You don't need to write pacemaker firmware to produce severely negative outcomes through ineptitude or indifference. I know of a frontend developer whose UX mistake in a financial mobile app triggered a vulnerable customer to end their life. I've heard stories of people ending up in the hospital because of unmet, unvoiced requirements for tasks delegated to junior developers.

It's a strange world we live in where the "profession" with the most (usually unrealized) potential has no oversight.

Bob Martin said it best: We either regulate ourselves or we will find ourselves regulated.

Reply View 0 replies
esperent 3 months ago

> chlorine gas can be stored in a garage in coke bottles

I get the point you're trying to make but you absolutely can't store chlorine gas safely in your garage in a coke bottle. If you try doing this as a business, you'll get shut down hard and possibly some prison time too.

On the other hand, WordPress is a valid solution for a huge number of businesses. Perhaps the previous commentor should have labored their point and noted that the engineer's skill is required to know when WordPress is a valid option, and also just as importantly, when it's not.

But suggesting the use of WordPress is in no way comparable to doing something illegal like storing chlorine gas improperly.

A better comparison would be to using an off the shelf chlorine storage system versus developing your own. For most companies, off the shelf will be the right choice, but others are doing complex things that require them to develop their own systems.

Reply View 2 replies
  • namaria 3 months ago

    I have a fairly obscure domain that gets absolutely bombarded by wordpress related scans. This tells me two things: wp seems pretty easy to misconfigure, and a lot of scripts are looking for these misconfigurations. Based solely on that I would never recommend it to a tech-naive business.

    Reply View 1 reply
    • esperent 3 months ago

      We're talking about businesses who have hired a software engineer to advise them on how to set things up correctly. I don't personally have any experience with WordPress, but I assume that it is possible to set up correctly, right? If you hire an expert and pay them to do it, I mean.

      Reply View 0 replies
cced 3 months ago

Developers should get the axe even though there’s an entire process behind pushing code out to production? QA, UAT? Surely people sign off on what’s being pushed out?

Reply View 0 replies