From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 10038 invoked from network); 12 Jul 2021 09:57:49 -0000
Received: from minnie.tuhs.org (45.79.103.53)
  by inbox.vuxu.org with ESMTPUTF8; 12 Jul 2021 09:57:49 -0000
Received: by minnie.tuhs.org (Postfix, from userid 112)
	id 920879BB5C; Mon, 12 Jul 2021 19:57:45 +1000 (AEST)
Received: from minnie.tuhs.org (localhost [127.0.0.1])
	by minnie.tuhs.org (Postfix) with ESMTP id 4FE9094FC6;
	Mon, 12 Jul 2021 19:57:14 +1000 (AEST)
Received: by minnie.tuhs.org (Postfix, from userid 112)
 id DF57E94FC6; Mon, 12 Jul 2021 19:56:41 +1000 (AEST)
Received: from relay05.pair.com (relay05.pair.com [216.92.24.67])
 by minnie.tuhs.org (Postfix) with ESMTPS id 7862494FA0
 for <tuhs@minnie.tuhs.org>; Mon, 12 Jul 2021 19:56:41 +1000 (AEST)
Received: from orac.inputplus.co.uk (unknown [84.51.128.33])
 by relay05.pair.com (Postfix) with ESMTP id 352A61A2C2F
 for <tuhs@minnie.tuhs.org>; Mon, 12 Jul 2021 05:56:40 -0400 (EDT)
Received: from orac.inputplus.co.uk (orac.inputplus.co.uk [IPv6:::1])
 by orac.inputplus.co.uk (Postfix) with ESMTP id 0BFE121E8F
 for <tuhs@minnie.tuhs.org>; Mon, 12 Jul 2021 10:56:39 +0100 (BST)
To: tuhs@minnie.tuhs.org
From: Ralph Corderoy <ralph@inputplus.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
In-reply-to: <YOueIvV0QOR8Em8g@mit.edu>
References: <CAC20D2N2dmsX21fPO5_nHU7RTC+Kbsr0x_Hqvv2cr9C8Dpdeng@mail.gmail.com>
 <YOSDmL7dCmy2KYGz@mit.edu>
 <CAEoi9W6oDNmGgMo+cF163KW9AVmj7xvBYBORDwTHmOBGgX68cw@mail.gmail.com>
 <202107071828.167ISgdN2686558@darkstar.fourwinds.com>
 <20210710115135.22FDC21C4E@orac.inputplus.co.uk>
 <CAEdTPBer7fHrdcF6oXnmtFLOjVuwhAfiyc3eLkr__9AM-ORX1w@mail.gmail.com>
 <20210710141217.8795F21CD1@orac.inputplus.co.uk>
 <202107101657.16AGvIHu2818628@darkstar.fourwinds.com>
 <20210711085346.1951E21F16@orac.inputplus.co.uk>
 <202107110904.16B94rKu012217@freefriends.org> <YOueIvV0QOR8Em8g@mit.edu>
Date: Mon, 12 Jul 2021 10:56:39 +0100
Message-Id: <20210712095639.0BFE121E8F@orac.inputplus.co.uk>
Subject: Re: [TUHS] Death by bug
X-BeenThere: tuhs@minnie.tuhs.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: The Unix Heritage Society mailing list <tuhs.minnie.tuhs.org>
List-Unsubscribe: <https://minnie.tuhs.org/cgi-bin/mailman/options/tuhs>,
 <mailto:tuhs-request@minnie.tuhs.org?subject=unsubscribe>
List-Archive: <http://minnie.tuhs.org/pipermail/tuhs/>
List-Post: <mailto:tuhs@minnie.tuhs.org>
List-Help: <mailto:tuhs-request@minnie.tuhs.org?subject=help>
List-Subscribe: <https://minnie.tuhs.org/cgi-bin/mailman/listinfo/tuhs>,
 <mailto:tuhs-request@minnie.tuhs.org?subject=subscribe>
Errors-To: tuhs-bounces@minnie.tuhs.org
Sender: "TUHS" <tuhs-bounces@minnie.tuhs.org>

Hi Ted,

> > This is why I have purposely stayed away from jobs at companies
> > doing stuff like this. I know I don't write perfect code; I don't
> > want to be responsible for devices that can affect human life.
>
> We should never be depending on a human being able to write "perfect
> code".

And no one has suggested we do; Arnold just pointed out he knows doesn't
which is a good first step to working on critical software.

> Instead, we need to come up with processes so that imperfect code
> doesn't escape into production *despite* the fact that humans are
> fallible.  Such processes might include requiring unit tests,
> integration tests, stress tests, etc., requiring code reivews by a
> second pair of eyes, perhaps using formal proofs, having multiple
> implementations of critical algorithms, cross-checking the results
> from those independent implementations, and so on.

Haven't you just pushed the need for perfection from coding to processes
to achieve ‘imperfect code doesn't escape into production’.  Perfection
doesn't exist there either.

-- 
Cheers, Ralph.