From: Jon Steinhart <jon@fourwinds.com>
To: tuhs@minnie.tuhs.org
Subject: Re: [TUHS] Death by bug
Date: Sun, 11 Jul 2021 19:57:16 -0700 [thread overview]
Message-ID: <202107120257.16C2vHne2869581@darkstar.fourwinds.com> (raw)
In-Reply-To: <YOueIvV0QOR8Em8g@mit.edu>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="UTF-8", Size: 2413 bytes --]
Theodore Y. Ts'o writes:
> On Sun, Jul 11, 2021 at 03:04:53AM -0600, arnold@skeeve.com wrote:
> > Ralph Corderoy <ralph@inputplus.co.uk> wrote:
> >
> > > Given some devices are present in large numbers for many years in
> > > hospitals, and there's a lot of hospitals, an unnoticed bug could be
> > > steadily chipping away at its human overlords.
> >
> > This is why I have purposely stayed away from jobs at companies doing
> > stuff like this. I know I don't write perfect code; I don't want to
> > be responsible for devices that can affect human life. This is also
> > discussed in the new edition of "The Pragmatic Programmer", which I've
> > just finished reading. (Highly recommended.)
>
> We should never be depending on a human being able to write "perfect
> code". Instead, we need to come up with processes so that imperfect
> code doesn't escape into production *despite* the fact that humans are
> fallible. Such processes might include requiring unit tests,
> integration tests, stress tests, etc., requiring code reivews by a
> second pair of eyes, perhaps using formal proofs, having multiple
> implementations of critical algorithms, cross-checking the results
> from those independent implementations, and so on.
>
> The space shuttle used a number of these techniques. It did *not*
> depend on super-human, Über-programmers.
>
> - Ted
In general I agree with you. But the "we should never" ignores the fact
that we do. It's a complicated problem. A major component is that
our "legal" system allows companies to externalize their liabilities.
And it's difficult to come up a way to assign liability without severely
harming the open source world. As I've said before, if your car crashed
as often as your Windows you probably wouldn't keep buying from the same
manufacturer.
Part of my preferred process is to have two software review teams. One
has access to the source code, the other doesn't. But of course this is
now often not possible when companies used closed-source components that
they purchase.
As someone who agrees with Feynman's dissent on the Challenger commission,
I think that incremental improvement is a good way to go. But, we live in
an age where many folks would rather come up with something bloated and new
rather than build on what's come before. That's making it more and more
difficult to distinguish between "full stack" and a landfill.
Jon
next prev parent reply other threads:[~2021-07-12 2:57 UTC|newest]
Thread overview: 109+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-02 21:24 [TUHS] [tuhs] The Unix shell: a 50-year view Nelson H. F. Beebe
2021-07-02 21:36 ` Larry McVoy
2021-07-02 21:56 ` Henry Bent
2021-07-02 23:12 ` Steve Nickolas
2021-07-02 23:49 ` Steffen Nurpmeso
2021-07-03 13:34 ` Steffen Nurpmeso
2021-07-03 13:56 ` Richard Salz
2021-07-03 12:04 ` Thomas Paulsen
2021-07-03 13:20 ` Dan Cross
2021-07-03 17:37 ` Theodore Ts'o
2021-07-03 17:57 ` Warner Losh
2021-07-03 18:10 ` Theodore Ts'o
2021-07-03 20:02 ` Dan Cross
2021-07-04 0:47 ` Tomasz Rola
2021-07-04 4:36 ` Larry McVoy
2021-07-04 14:56 ` Dan Cross
2021-07-04 16:07 ` Theodore Ts'o
2021-07-04 20:10 ` David Barto
2021-07-05 0:25 ` Larry McVoy
2021-07-05 1:23 ` John Cowan
2021-07-04 12:48 ` Dan Cross
2021-07-05 7:14 ` Tomasz Rola
2021-07-05 16:26 ` John Cowan
2021-07-06 23:17 ` Tomasz Rola
2021-07-06 23:47 ` Steve Nickolas
2021-07-06 23:49 ` Warner Losh
2021-07-06 23:48 ` John Cowan
2021-07-07 0:46 ` Theodore Ts'o
2021-07-07 0:58 ` George Michaelson
2021-07-07 2:48 ` Larry McVoy
2021-07-07 18:32 ` Tomasz Rola
2021-07-07 20:50 ` Michael Kjörling
2021-07-08 6:46 ` [TUHS] Overgrown ffox (was: The Unix shell: a 50-year view) Tomasz Rola
2021-07-08 13:59 ` Derek Fawcus
2021-07-08 19:25 ` Steffen Nurpmeso
2021-07-08 19:37 ` Steffen Nurpmeso
2021-07-08 20:40 ` Steffen Nurpmeso
2021-07-08 22:23 ` Kevin Bowling
2021-07-08 21:47 ` [TUHS] [tuhs] The Unix shell: a 50-year view Theodore Ts'o
2021-07-09 20:14 ` Michael Kjörling
2021-07-07 13:54 ` Tony Finch
2021-07-06 16:05 ` Clem Cole
2021-07-09 22:19 ` Tomasz Rola
2021-07-04 20:10 ` Tony Finch
2021-07-05 3:59 ` Theodore Ts'o
2021-07-05 15:08 ` Steffen Nurpmeso
2021-07-05 3:52 ` Bakul Shah
2021-07-04 18:17 ` John Dow via TUHS
2021-07-04 19:46 ` Clem Cole
2021-07-05 1:33 ` Noel Hunt
2021-07-05 2:38 ` Clem Cole
2021-07-05 2:51 ` Warner Losh
2021-07-05 3:03 ` Clem Cole
2021-07-05 3:01 ` Clem Cole
2021-07-05 5:22 ` Noel Hunt
2021-07-06 5:10 ` Nevin Liber
2021-07-06 13:30 ` Clem Cole
2021-07-06 16:23 ` Theodore Ts'o
2021-07-07 1:57 ` Dan Cross
2021-07-07 2:52 ` Larry McVoy
2021-07-07 5:19 ` Andrew Warkentin
2021-07-07 18:28 ` Jon Steinhart
2021-07-10 11:51 ` [TUHS] " Ralph Corderoy
2021-07-10 13:54 ` Henry Bent
2021-07-10 14:12 ` Ralph Corderoy
2021-07-10 16:57 ` [TUHS] Death by bug [formerly The Unix shell: a 50-year view] Jon Steinhart
2021-07-11 8:53 ` [TUHS] Death by bug Ralph Corderoy
2021-07-11 9:04 ` arnold
2021-07-12 1:42 ` Theodore Y. Ts'o
2021-07-12 2:57 ` Jon Steinhart [this message]
2021-07-12 6:39 ` arnold
2021-07-12 9:56 ` Ralph Corderoy
2021-07-11 16:10 ` Jon Steinhart
2021-07-12 10:37 ` Ralph Corderoy
2021-07-06 13:40 ` [TUHS] [tuhs] The Unix shell: a 50-year view John Cowan
2021-07-06 14:12 ` Chet Ramey
2021-07-07 0:53 ` Nevin Liber
2021-07-07 13:08 ` Chet Ramey
2021-07-07 15:15 ` Richard Salz
2021-07-03 0:09 ` Andrew Warkentin
2021-07-03 15:49 ` Andy Kosela
2021-07-04 23:24 ` [TUHS] Is C obsolete? (was Re: [tuhs] The Unix shell: a 50-year view) Derek Fawcus
2021-07-04 23:50 ` Nemo Nusquam
2021-07-05 0:15 ` Dan Stromberg
2021-07-05 0:21 ` Larry McVoy
2021-07-05 2:36 ` John Cowan
2021-07-05 2:59 ` Richard Salz
2021-07-05 3:47 ` Larry McVoy
2021-07-05 4:02 ` Dan Stromberg
2021-07-05 13:45 ` Steffen Nurpmeso
2021-07-05 20:15 ` Dan Stromberg
2021-07-05 21:05 ` Larry McVoy
2021-07-05 21:29 ` Clem Cole
2021-07-05 22:22 ` Brantley Coile
2021-07-06 4:35 ` Dan Stromberg
2021-07-06 4:44 ` Warner Losh
2021-07-06 5:58 ` Rico Pajarola
2021-07-06 13:05 ` Clem Cole
2021-07-05 12:11 ` Thomas Paulsen
2021-07-05 4:08 ` Dan Stromberg
2021-07-05 4:23 ` George Michaelson
2021-07-05 14:43 ` Larry McVoy
2021-07-05 15:17 ` Steffen Nurpmeso
2021-07-05 15:36 ` Steffen Nurpmeso
2021-07-05 15:53 ` Mike Markowski
2021-07-05 16:39 ` Warner Losh
2021-07-05 19:02 ` Clem Cole
2021-07-02 22:27 ` [TUHS] [tuhs] The Unix shell: a 50-year view Chet Ramey
2021-07-02 23:09 ` Steve Nickolas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202107120257.16C2vHne2869581@darkstar.fourwinds.com \
--to=jon@fourwinds.com \
--cc=tuhs@minnie.tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).