From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 21141 invoked from network); 12 Jul 2021 06:40:22 -0000 Received: from minnie.tuhs.org (45.79.103.53) by inbox.vuxu.org with ESMTPUTF8; 12 Jul 2021 06:40:22 -0000 Received: by minnie.tuhs.org (Postfix, from userid 112) id 0DC069BB3A; Mon, 12 Jul 2021 16:40:17 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 6D78394FEF; Mon, 12 Jul 2021 16:39:12 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 00CF794FC6; Mon, 12 Jul 2021 16:39:08 +1000 (AEST) Received: from freefriends.org (freefriends.org [96.88.95.60]) by minnie.tuhs.org (Postfix) with ESMTPS id 4C57494FA0 for ; Mon, 12 Jul 2021 16:39:08 +1000 (AEST) X-Envelope-From: arnold@skeeve.com Received: from freefriends.org (freefriends.org [96.88.95.60]) by freefriends.org (8.14.7/8.14.7) with ESMTP id 16C6d3uU001428 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 12 Jul 2021 00:39:03 -0600 Received: (from arnold@localhost) by freefriends.org (8.14.7/8.14.7/Submit) id 16C6d1R8001426; Mon, 12 Jul 2021 00:39:01 -0600 From: arnold@skeeve.com Message-Id: <202107120639.16C6d1R8001426@freefriends.org> X-Authentication-Warning: frenzy.freefriends.org: arnold set sender to arnold@skeeve.com using -f Date: Mon, 12 Jul 2021 00:39:01 -0600 To: tytso@mit.edu, arnold@skeeve.com References: <202107071828.167ISgdN2686558@darkstar.fourwinds.com> <20210710115135.22FDC21C4E@orac.inputplus.co.uk> <20210710141217.8795F21CD1@orac.inputplus.co.uk> <202107101657.16AGvIHu2818628@darkstar.fourwinds.com> <20210711085346.1951E21F16@orac.inputplus.co.uk> <202107110904.16B94rKu012217@freefriends.org> In-Reply-To: User-Agent: Heirloom mailx 12.5 7/5/10 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: [TUHS] Death by bug X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: tuhs@minnie.tuhs.org Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" "Theodore Y. Ts'o" wrote: > On Sun, Jul 11, 2021 at 03:04:53AM -0600, arnold@skeeve.com wrote: > > This is why I have purposely stayed away from jobs at companies doing > > stuff like this. I know I don't write perfect code; I don't want to > > be responsible for devices that can affect human life. This is also > > discussed in the new edition of "The Pragmatic Programmer", which I've > > just finished reading. (Highly recommended.) > > We should never be depending on a human being able to write "perfect > code". Instead, we need to come up with processes so that imperfect > code doesn't escape into production *despite* the fact that humans are > fallible. Such processes might include requiring unit tests, > integration tests, stress tests, etc., requiring code reivews by a > second pair of eyes, perhaps using formal proofs, having multiple > implementations of critical algorithms, cross-checking the results > from those independent implementations, and so on. > > The space shuttle used a number of these techniques. It did *not* > depend on super-human, Über-programmers. I strongly agree with all that. But given that many places don't use such practices (especially startups), I prefer not to put myself into situations where safety of the product depends entirely on the skills of the programming team. Arnold