zlacker

Every time I read about space engineering, I'm amazed by how contingencies have contingencies. It's so much careful planning and rigor compared to my world. I can always re-compile, re-deploy and regularly realize that my job is not life or death.

>>notyou+(OP)
I like when people mention that they're "computer doctors." I have some stressful migrations that require a lot of planning and could cost a significant amount money if botched but I can't imagine the additional stress of someones life being at my fingertips.

>>notyou+(OP)
Honestly, I'd say most engineering is like that outside of the software world. In the classic engineering disciplines with actual licensures at the end of the pipeline, the responsibility and ethics of this are ingrained into students from day 1. (Budget and importance of the application doesn't always allow for the indulgence of this though, at least to a point.)

This type of thinking also follows from decades of experience.

For some reason the software engineering world largely abandoned esteem and respect for all of the above.

>>Engine+O3
Errors in software rarely ever matter and even when they do, can usually be trivially corrected.

>>throwa+Yo
Except when they do matter, like the Therac-25 deaths or those 737 MAX crashes.

>>crooke+6q
> 737 MAX crashes

To imply this was a software bug is a pretty silly representation - the system was poorly engineered and didn't have proper contingencies for sensor disagreement. This is pretty clearly a design/engineering error with a software component.

Besides, the guy said "rarely ever matter" for a reason, not "explicitly never impact things"... Bit of a silly comment from you IMO

>>swozey+P
It's tricky.

Many moons ago when I was hands-on and stressed about migrations & config, my team lead at the time would say exactly the same thing - his wife is a doctor and her job is way more stressful - People die. And I bought into it as a relief for a while.

But... I work on a payroll system. My team does impact people. Mistakes can have important negative consequences to real live individuals - from stress invoked in trying to call help centre and fix their paycheques, to disconnected utilities if they don't get paid correctly/timely, to other downstream consequences.

Any number of other IT systems have significant consequences - e.g. airline ticket systems, airbnb bookings, etc. I feel the "nobody died" is a double-edged sword: it can help relieve people of the daily sense of artificial stress, urgency and grind that management may impose; but also builds a false dichotomy / unreasonably binary threshold on when our job matters / impacts ...

>>throwa+Yo
It’s not life or death, but time spent dealing with errors - debugging, the direct effects, understanding full impact - isn’t a resource we can get back.

>>nawgz+kr
To view software in isolation is an equally silly representation. In the physical world, software is part of an overall system that needs to be considered holistically. Most major safety-critical mishaps are the result of several failures, often across different domains.

In the case of the 737MAX, the software was a design around a physical constraint; that doesn't mean the software doesn't matter. Most software is designed as a workaround of a certain physical or mental constraint.

>>Nikola+Js
https://en.wikipedia.org/wiki/List_of_data_breaches

>>throwa+Yo
Software does not wear out like most physical components, but they often cause failure in interaction/coordinating between subsystems.

As the amount of coordination increases, the number of failure modes tends to grow quite fast. That's why software failures in physical, safety-critical systems are not trivially corrected. There are a lot of second order effects that need to be considered.

>>Nikola+Js
I think one of the greatest contributions launch window aerospace neurosurgeons make to society is the way they cause nobody else to ever feel stress in any way.

>>Engine+O3
To be honest with ourselves, until we have standardized licensing/accreditation that is fully recognized, we aren't really engineers.

I would love to see a day when redundancy like this is just a standardized, accepted practice rather than a stand-up debate. Easier said than done of course.

>>progra+8u
I find myself thinking about that a lot - mainly "how many more hours would have needed to be spent at stage A to avoid the hours being spent now to recover from problems our software is currently causing". And often if I'm honest with myself it's hard to see that the extra investment of time earlier on would have necessarily resulted in a net productivity gain. It would however likely be a less stressful way to work (building fire-proof code rather than putting fires out all the time), and rather more satisfying. As an engineer of any sort I think it's perfectly reasonable and justifiable to want to produce something of quality even if it takes longer and the consequences probably won't be that terrible if you just release the first thing you can slap together. Unfortunately others are almost entirely motivated by the (not entirely irrational) fear of what happens if you don't release something quickly enough.

>>Engine+O3
> Honestly, I'd say most engineering is like that outside of the software world.

Add civil engineering to that nowadays - both buildings and roads.

Sure, there are regulations and licensing, but quite often the entity financing the whole thing cares little about such things.

>>throwa+Yo
Honestly I can't imagine someone who hasn't been living under a rock for the last half century could say this. Just one example: Knight Capitol was the largest trader in U.S. equities, with a market share of 17.3% on NYSE and 16.9% on NASDAQ in 2012, right up until August 1, 2012, when it lost $460 million and 75% of its equity value because of a software error. What was left of it was acquired in December of that year.

>>NBJack+7y
You can have this now, just go work in healthcare tech or a bank. The trade off is no innovation, career boosts, professional accomplishments, or projects under $10M.

Clients who want NASA quality can have it if they bring NASA budgets and timelines.

>>progra+8u
It's funny you say that, because designing systems that work extremely well, have contingencies upon contingencies, and can be relied upon (e.g. as a life-critical system) is so time consuming and (I imagine) mind numbingly boring (e.g. reviews upon reviews of white papers to ensure that the system spec is scientifically sound) that I'd guess time is the last thing you'd get back from writing NASA-style applications.

>>Engine+O3
I don't understand why this dig is constantly taken at software. Look at how many layers of fallbacks exist even on the average webapp written by junior devs. Optimistic rendering on form submissions, graceful degradation of features, falling back to last cached data, HTTP request retries with binomial exponential backoff and jitter, TCP packet retransmits, ECC corrections on servers, etc.

In cases where fault tolerance isn't as robust, it's for the same reasons as other disciplines you mentioned: budget and importance.

>>crooke+6q
If you're referring to MCAS in 737, the software itself wasn't the main problem; I'd say that the main problem was that it wasn't even a documented feature (let alone the engineering of the system itself).

The pilot couldn't even turn MCAS off originally. That's not a software thing, that's a "who the F designed this" thing.

>>Engine+O3
> For some reason the software engineering world largely abandoned esteem and respect for all of the above.

The main contingency with most software is that you fix it.

>>Engine+O3
It’s not the licensing or the ethics classes or the responsible thinking or the professors that causes some engineering disciplines to be more carful.

It’s the cost when something fucks up.

If I’m holding my phone near a cliff, and I rely on it for navigation and I’m hours from civilization, I’m a little more careful, not because I’m normally super careful. It’s because — in that specific scenario — losing my phone would cost me so much and the chance of it happening is much more likely.

Space companies spend a little extra because the cost is years of development and billions of dollar evaporating in a few seconds.

And there are software teams in certain industries that dot their I’s and cross their T’s as well.

Even on some dumb CRUD app, if it’s a critical piece of code that the rest of the software hinges upon, you spend a little extra time because the cost of fuck up is so major.

Or you’re launching a product and you have a sign up that will seed your user base, you damn well make sure it works.

>>bumby+Zu
> Software does not wear out like most physical components.

It fails like buildings near fault lines, because the ground moves under them. Think broken dependencies, operating system obsolescence, et cetera.

>>Engine+O3
I did an engineering degree but I have to say, the ethics imparted on me were basically “be diligent and don’t build anything that harms people by accident” which… really ought to be, like, table stakes for living in society, right?

>>Engine+O3
Move Fast And Break Things^TM

Jokes aside I think it's mostly a value/cost thing. NASA's software has different requirements and failure scenarios than most software developers (in this context I will not call them software engineers) have to care about. Verifiable correctness is harder to predict, and in most devs' roles it's easier to just try something and see what happens, rather than know what'll happen up front.

>>bee_ri+gF
As you've stated the oath, it's certainly glib, but it's not table stakes because it's not a mere commitment to good intentions or a kind heart. Engineering ethics are not a commitment to good intentions. To take that pledge seriously, you need to be able to trace all your requirements and consequences in order to analyze, prevent and verify you've prevented potential danger without breaking what you've built. Most people in society would not succeed at this.

>>bilalq+wz
It's also completely untrue that the norm outside of software engineering, I think this perception comes because we only think of the big engineering projects like NASA or building projects, and forget how broad engineering is and can be. I worked for a company that mainly did electrical engineering, and there was plenty of happy-path work that just assumed the error cases would happen rarely or be handled somewhere else. It was also quite difficult to get good change control working, and automated testing was painful and irregular. (In fairness, automated testing was also a lot harder, but we could have worked harder on it and caught a lot more issues early on.)

My impression from friends working in other engineering disciplines is that software engineering works similarly to other fields: the more risk to human lives is involved, the more testing, redundancy, etc is involved.

>>Qem+hC
I like this analogy. Although your example focused on software-centric coordination, I think it's important to also extend it to non-software systems.

An apropos and famous example is the Ariane 5 rocket mishap. The same validated software from the Ariane 4 was used, but the hardware design changed. Specifically, the velocity of the Ariane 5 exceeded that of its predecessor and exceeded the 16-bit variable used.

>>bilalq+wz
I think it comes down to to a couple of things that software doesn't have that most other disciplines do:

Standardisation - in the big 'E' Engineering world, there would be a recognised international standard for Web Apps that ensured/enforced that all Web Apps supported this functionality, or they would not be approved for use.

Another factor is Accountability. A senior Software 'Engineer' would have to take personal responsibility (liability, accountability) that the software product they are producing and/or overseeing met all these requirements and personally sign off that these standards have been met. If the product were to fail at any point and it was determined that the cause was negligence in following the standard, any damages sought (not common, but not unheard of) would ultimately find their way to the accountable individual and their insurance.

In cases where budgets/importance don't allow for this level of scrutiny, there would still be paperwork signed by the producer of the software and the client acknowledging deviation from the standard and waiving any recourse for doing so.

>>dfex+z41
I agree with this 100%.

>>Engine+O3
>For some reason the software engineering world largely abandoned esteem and respect for all of the above.

it's a lower bar for entry, any kid can run a compiler -- it's harder to acquire a bulldozer and planning permits.

similarly if you look at 'diy' or 'garage' engineering you can find all sorts of hazardous/poorly-built/never-should-have-existed death traps. How many people have died in recent years from fractal burning?

it's still engineering -- they're building their own tools -- but it's within a realm (DIY/maker) that historically has undersold the dangers inherent with the things.

Why? Mostly because they're self-taught, mentorless, and without the direction within their education to be taught the importance of engineering rigor, similar to the kid given the compiler who starts making forkbombs and goofy dialogs to prank their friends.

>>MrJohz+6M
OceanGate

>>dfex+z41
> Standardisation

there is totally standardization. At the building block level. TCP/IP, Protocols on top of that, language standards etc.

Web Apps are complex, why would there be a standard? Just like there's no standard for cars, other than for some of their components like wheels or headlights.

>>fnord7+Kr1
There are absolutely very well-defined and detailed standards for cars defined at both a national and international level. They range from excruciating requirements around single components (eg. ESC) through to broad design requirements (like how wide a car).

See the Australian Design Rules (which happens to form the basis of most UNECE and Canadian transport regulations) if you want to see how detailed they are.

>>e1g+6z
Oof. Point well made. That I certainly don't see changing any time soon.

>>Engine+O3
> For some reason the software engineering world largely abandoned esteem and respect for all of the above.

That's what happens when there's no liability. Even if you're a billion dollar corporation, you can just slap some standard legal boilerplate disclaimer on the license agreement and absolve yourself of all responsibility even when hackers pwn the private information of your customers. They can't complain since technically the contract says there were no guarantees.

Some version if this legal boilerplate can be found in virtually all software licenses, including open source ones:

  THE SOFTWARE IS PROVIDED "AS IS",
  WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
  INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.
  IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING
  THE SOFTWARE BE LIABLE FOR ANY DAMAGES OR OTHER LIABILITY,
  WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
  OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
  IN THE SOFTWARE.

Start holding developers and especially corporations directly accountable and liable for any problems and I guarantee they'll start respecting it the very next second.

>>bee_ri+gF
It ought to be but it's not. Plenty of sociopaths out there who think nothing of poisoning children with heavy metals in toys if it's cheaper. How many businesses neglected software system security, only to compromise the personal information of thousands, millions of people? It's not like there are consequences. As far as I know, no one was ever arrested.

>>fnord7+Kr1
Aeroplanes are complex, but you can bet your life there are standards for those. And cars? Wow - I'm not sure which country you live in, but there are probably as many safety standards for road vehicles as there are for planes!

To continue the analogy from earlier - standards wouldn't mean all web applications would have to be designed, programmed and work exactly the same way, but it would mean that they would need to be formally tested (to an approved test plan), and to use your example, would need to demonstrate that each of those layers of fallbacks (as dictated by the standard and covered in the test plan) operate correctly in order to be certified.

If anything, I think software has a huge advantage over physical world engineering in that testing can be replicated at virtually no cost whenever a change is made to the design. I shudder to think how many cars get trashed in order to meet vehicle safety testing requirements.

>>dfex+kH1
you're confusing regulations with standards

>>fnord7+wN1
No, I'm not.

Here is the Australian Standard for Caravan and light trailer towing components, Part 1: Towbars and towing brackets

https://store.standards.org.au/product/as-4177-1-2004

There are thousands of these documents covering everything to do with transport from the vehicles to the reflectivity of street signs.

The regulation (at least in my state) is that only engineers who are registered as Registered Engineers are permitted to carry out professional engineering services in this state.

>>fnord7+pr1
They said engineering, not randomly hacking at stuff.