WingNews

woooooo|7 months ago

The 80s and 90s devs who built our current software infra were, on average, FAR less credentialed than today's juniors and mids who mostly don't understand what they're building on.

cguess|7 months ago

Sure, and Da Vinci didn't have an architectural degree when he was designing bridges, but now you need a proper license to do so. Society learns to do better

stouset|7 months ago

The difference is we didn’t know any better back then. We do now.

__MatrixMan__|7 months ago

In our imperfect world, by the time the government could get together a reasonable certification process the content you're tested on would be out of date. Maybe when the industry is older it'll change slow enough to do that, but I don't think that'll happen so long as there's so much money aimed at disrupting everything and monetising the disruption.

Were going in circles far too fast to have licensure that hinges on being up to date.

gowld|7 months ago

That's what tort law is for. It leaves the details to the experts, and judges based on general notions of intent, negligence, and harm caused. The threat of financial ruin should incentivize against selling malware.

atleastoptimal|7 months ago

Let's say it was coded extremely well, but nevertheless a more advanced exploiter wreaked similar havoc. Would they still be liable in your perfect world? To some degree the principle of caveat emptor should apply in some tiny, nascent business, otherwise only large juggernaut monopolistic incumbents would have the means to have any stake in software.

Frieren|7 months ago

> Let's say it was coded extremely well, but nevertheless a more advanced exploiter wreaked similar havoc.

A doctor kills a patient because malpractice. Could that patient have died anyway if the patient had a more critical condition?

That is a non sequitur argument.

> Would they still be liable in your perfect world?

Yes. The doctor would be liable because did not meet the minimum quality criteria. In the same way that the developer is liable for not taking into account any risks and providing a deeply flawed product.

It is impossible in practice to protect software from all possible attacks as there are attackers with very deep pockets. That does not mean that all security should be scrapped.

rsynnott|7 months ago

Imagine these two scenarios:

Your spouse dies in surgery. The highly experienced surgeon made a mistake, because, realistically, everyone makes mistakes sometimes.

Your spouse dies in surgery. The hospital handed a passing five year old a scalpel to see what would happen.

There's a clear difference; neither are _great_, but someone's probably going to jail for the second one.

In real, regulated professions, no-one's expecting absolute perfection, but you're not allowed to be negligent. Of course, 'software engineer' is (generally) _not_ a real, regulated profession. And vibe-coding idiot 'founder' certainly isn't.

pishpash|7 months ago

That's always the double-edged sword with regulation, but sooner or later people will demand it, or much more of it.

kalaksi|7 months ago

I don't remember the specifics well, but under GDPR they'd be required to give breach notification to customers, maybe write a report and get audited and possibly get fined depending on the situation. Customers could demand compensation (probably doesn't make sense here).

unknown|7 months ago

[deleted]

csomar|7 months ago

Right. Because the solution to all of this madness is SOC2 compliance or something along those lines.

What happened is a perfect natural selection. The friend is a very small actor with probably a dozen customers not a multi-billion $$ company with millions of customers.

unknown|7 months ago

[deleted]

conradfr|7 months ago

Well his customers got a refund, that's nice ;)

But I guess the lesson is to vibe code to test the market while factoring a real developer cost upfront and hiring one as soon as the product gets traction.

unknown|7 months ago

[deleted]

api|7 months ago

In that world we’d just be transitioning to 32-bit software and still running MS-DOS since it’s certified. Linux would never ever have broken through. Who can trust code developed by open source cowboys? Have we verified all their credentials?

There are some industries where the massive cost of this type of lock down — probably innovation at 1/10th the speed at 100X the cost — is needed. Medicine comes to mind. It’s different from software in two ways. One is that the stakes are higher from a human point of view, but the more significant difference is that ordinary users of medicine are usually not competent to judge its efficacy (hence why there’s so much quackery). It has an extreme case of the ignorant customer problem, making it hard for the market to work. The users of software usually can see if it’s working.

majormajor|7 months ago

You, of course, say that like it's a bad thing.

I'll say video games would certainly be worse.

I don't know if we'd be worse off with a lot of other software and/or public internet sites of 20-to-30 years ago. A lot of people are unhappy with the state of modern consumer software, ad surveillance, etc.

Probably a lot less identity theft and credit card/banking fraud.

For social media, it depends on if that "regulate things to ensure safety" attitude extends to things like abuse/threats/unsolicited gore or nudes/etc. And advertising surveillance. Would ad tracking be rejected since the device and platform should not be allowed to share all that fingerprinting stuff in the first place, or would it just be "you can track if you check all the data protection boxes" which is not really that much better.

I'm sure someone would've spent the time to produce certified Linux versions by now; "Linux with support" has been a business model for decades, and if the alternative is pay MS, pay someone else, or write your own from scratch, there's room in the market.

(Somewhere out there there's another counterfactual world where medicine is less regulated and the survivors who haven't been victimized by the resulting problems are talking about how "in that other world we'd still be getting hip replacement surgery instead of regrowing things with gene therapy" or somesuch...)

sublinear|7 months ago

I think you're proving their point. There are different kinds of software that require different kinds of regulation.

0xEF|7 months ago

A reliable, un-bloated OS? Sign me the eff up.

__MatrixMan__|7 months ago

I disagree. Mature open source projects last long enough without significant disruption to still be relevant after they make it onto the certification exam. Products, not so much.

Investing time building familiarity with proprietary software is already a dubious move for a lot of other reasons, but this would be just one more: why would I build curriculum around something that I'm just going to have to change next year when the new CEO does something crazy?

And as bad as it might be for many of us who hang out here, killing off proprietary software would be a great step forward.

parliament32|7 months ago

...and this is where compliance comes in, and is the exact reason real companies won't talk to you unless you have (at minimum) SOC2. There's billions of products out there, how do you know if it's actually good software developed by a team, or some idiot like above vibe-coding slop into what appears to be a functional application? We all make fun of audits and checklist-based-security but it would've almost certainly prevented the above from happening.

mcv|7 months ago

Imagine vibe coding spreads to civil engineering and people start building bridges this way. Have AI design it and then probably 3D print it on location.

> legal consequences for exposing customer information.

Still a good idea. Also without taking vibe coding into account. Far too many tech companies are way too sloppy with customer data. Often intentionally so.

TRiG_Ireland|7 months ago

GDPR fines can accomplish this.

Zopieux|7 months ago

how dare you stifle innovation with your communist laws, I thought this was America

raincole|7 months ago

People really want to bring down the growth of the USA's software industry to EU level.

majormajor|7 months ago

Letting another country be the wild west and then cherry-picking the good stuff while regulating the nasty stuff doesn't seem like a terrible place to be for the, what, 99% of people who aren't Silicon-Vally-bigtech-execs-and-engineers getting all those profits?

Even in the US most software jobs are lower-scale and lower-ROI than a company that can serve hundreds of millions of users from one central organization.

But for the engineers/investors in other countries... I think the EU, etc, would do well to put more barriers up for those companies to force the creation of local alternatives in those super-high-ROI areas - would drive a lot of high-profit job- and investment-growth which would lead to more of that SV-style risk-taking ecosystem. Just because one company is able, through technology, to now serve everyone in the world doesn't mean that it's economically ideal for most of the world.

randmeerkat|7 months ago

> People really want to bring down the growth of the USA's software industry to EU level.

The EU is the only place hiring software engineers right now. Everyone in the U.S. just keeps laying them off.

energy123|7 months ago

It's a textbook case study of market failure in neoclassical economics caused by information asymmetry. If customers knew about the vulnerabilities, they wouldn't have paid money, or they would have demanded a lower price.

(no title)

discuss