Microsoft indeed improved quality a lot, though Windows 7 inexplicably grinds to a halt and sometimes outright hangs on my desktop occasionally (one can blame my Wacom tablet but that contradicts the thesis of driver verification working wonders), and Windows 8 periodically renders the laptop unusable, using near-100% of the disk bandwidth (I tried like 5 tweaks recommended on the web for this problem, nothing helped.)
> Who crashed Colgan 3407? Actually the autopilot did. … The airplane had all of the information necessary to prevent this crash. The airspeed was available in digital form. The power setting was available in digital form. The status of the landing gear was available in digital form. …
> How come the autopilot software on this $27 million airplane wasn’t smart enough to fly basically sensible attitudes and airspeeds? Partly because FAA certification requirements make it prohibitively expensive to develop software or electronics that go into certified aircraft. It can literally cost $1 million to make a minor change. Sometimes the government protecting us from small risks exposes us to much bigger ones.
(I agree that Apple's cash hoard does not make $1M sound like a lot, however, they also have much more software to tend to.) Overall, it seems that today you have to trade correctness for features and development time, and the cost in features and development time cannot be borne by a market participant unless the market is regulated so that all competitors have to do it, in which case the user is going to get way, way less functionality. I believe that the cost of bulletproof correctness might drop significantly enough at some point to change the game - and I really, really hope formal methods will take off big time, without being sure they can - but it doesn't seem like we're there yet. (This is my opinion, not data, of course; the one thing that I think $millions buy that works very well without costing too much time or features is automated testing.)
But that is not nearly as bad compared to having to rely on software developed the way they do in the aerospace business! From http://blogs.law.harvard.edu/philg/2010/02/09/public-tv-figu...:
> Who crashed Colgan 3407? Actually the autopilot did. … The airplane had all of the information necessary to prevent this crash. The airspeed was available in digital form. The power setting was available in digital form. The status of the landing gear was available in digital form. …
> How come the autopilot software on this $27 million airplane wasn’t smart enough to fly basically sensible attitudes and airspeeds? Partly because FAA certification requirements make it prohibitively expensive to develop software or electronics that go into certified aircraft. It can literally cost $1 million to make a minor change. Sometimes the government protecting us from small risks exposes us to much bigger ones.
(I agree that Apple's cash hoard does not make $1M sound like a lot, however, they also have much more software to tend to.) Overall, it seems that today you have to trade correctness for features and development time, and the cost in features and development time cannot be borne by a market participant unless the market is regulated so that all competitors have to do it, in which case the user is going to get way, way less functionality. I believe that the cost of bulletproof correctness might drop significantly enough at some point to change the game - and I really, really hope formal methods will take off big time, without being sure they can - but it doesn't seem like we're there yet. (This is my opinion, not data, of course; the one thing that I think $millions buy that works very well without costing too much time or features is automated testing.)