Most services, including hacker news, won't let you delete accounts. They could, but it would require more effort during implementation. It's easier for us engineers to say "accounts can never be deleted", and base the whole system on that. But that decision takes control from customers.

Here's another one: Someone coded that backdoor we found in all linksys routers a few years ago. A manager somewhere, maybe at the NSA, maybe at linksys, said to a developer "I want you to write a backdoor into all these production routers so they'll expose everything if you send a certain request over HTTP. We want that request to be the same for every router.", and the developer did it.

I think software engineering ethics with regard to how we implement things is in an ok place. It's improving, and that's an ok place to be.

Software engineering ethics with regard to what we implement, on the other hand, has never been worse.

I'm really tired of these "software isn't engineering because..." arguments. I think the first thing we need to do in order to have our profession move on to the next stage of maturity is to stop relying on arbitrary definitions and lines in the sand regarding what engineering is.

Let's look at the Wikipedia definition:

"Engineering (from Latin ingenium, meaning "cleverness" and ingeniare, meaning "to contrive, devise") is the application of scientific, economic, social, and practical knowledge in order to invent, design, build, maintain, research, and improve structures, machines, devices, systems, materials and processes."

That's it. By this definition, software development is engineering. Note that it doesn't say anything about how robust the structures, machines, devices, systems, materials and processes must be in order for the profession to count as engineering. Even the most fragile thing could have been designed and built by an engineer.

The root of the word is actually interesting: it comes from the Latin word "ingenium", which means "cleverness." This is especially important in our field since a large part of software development involves clever hacks. Think about that next time you frown upon such a hack.

The inferiority complex with regards to "engineering"[1] seems to run deep in many programmers' mind.

[1] Which is a very, very broad term to begin with in this day and age, anyway.

In order to safely make changes to any one part of a codebase, an engineer needs to understand how it all fits together and have all that context in their head to ensure changes don't have unintended consequences.

There are design patterns that make this easier of course and less error prone, but there's no enforcement at compile time, and with people coming and going it all goes out the window.

I think we can solve a lot of these problems with much, much stricter and smarter compilers. Eventually, I hope we'll all be writing software for which the compiler will be able to tell you authoritatively you've written the thing you set out to write and there are no bugs. As software complexity grows, no one or two people will be able to keep a whole understanding of the system in their heads (already true a most of the time). It follows for me that the only way to confidently make changes to a system you don't understand is to automate that understanding.

That's why I love what Rust stands for. It's a first step to be sure. However, it makes the assertion that the only way to allow people to reliably develop software they don't understand is to have the compiler 'understand' it for them (I use understand loosely of course).

Anyway, I hope for a future where programmers will be able to specify all contracts, invariants, etc. in code, and have them be checked upon compilation. And not only for "smart" programmers, but the pretty bad ones, too.

Theoretically is this even possible? We simulate this with tests, and code-coverage analysis, but in the end all programs deal with unknown inputs, by definition.

Past failures can not always predict future failures properly in a Moore's Law regime. For instance, as everyone knows, tablet computing is a totally stupid and repeatedly failed idea, except, iPad. Computer vision is a complete waste of time, unless you have GPUs sitting around that can chew through billions of operations for cheap. Etc.

This "old idea" is getting somewhere now. It's only early days.

More like have the compiler make sure (and let it be able to make sure) that you didn't screw anything up. You still have to understand ownership and lifetimes, so I don't get what 'understanding' you're offloading.

I think this is important because it addresses both the need to move quickly and the desire for responsibility.

There's also the feeling of the code writing itself. In some places you can literally put in different functions until it typechecks which is great for exploring a problem domain.

In the future I hope to be able to recommend Idris as well.

It's as though we said "Yes, the next generation of calipers will add an additional factor of ten in precision to our machinist's work and so increase our responsibility!"...and then those machinists go on to build gas chambers.

We cannot confuse the quality of the tools with the broader notion of ethics and responsibility, even if it's the only thing we have actual control over.

I don't think you can flag a discipline as engineering by it's industry, but mostly by the way it is being practiced.

And recently, Intrado, the big 911 company, had their system go off due to a hard coded limit on the number of calls that could ever run through it. Took down 911 for many people for nearly a day.

And not to mention how they handled address updates - in short, users would be sent to the wrong state, knowingly, until "data validation" workers manually fixed things. And they thought this was swell. (Bottom line, don't trust 9-1-1 over VoIP until you've verified it.)

Even across the US, just the format of some 911 operator consoles' data exchange isn't consistent. One PSAP was complaining that their system would show invalid data for certain calls containing lat/long, just because they were flagged as VoIP. Some dumb vendor made a poor assumption, and wrote a fail-close system that affected real people. Oops.

And next gen 911? It's been a while since I've seen the working group plans, but they basically wanted to connect every PSAP (locally underfunded answering points, about 7000 in the US) to the Internet. I don't think anyone knows how to secure such a thing, let alone when each node is autonomous. I'll let you think about how awesomely that can fail.

(All this said, the people answering the phones do an incredibly hard job for little compensation. I still almost start crying just remembering a call I audited when they weren't connected right -- company forgot to provision some payphones, panicked woman was literally dying and didn't know where she was (call disconnected with no definitive resolution, but I believe she saw a passing patrol and was able to get assistance). I've no idea how responders can handle that kind of load every day... OTOH the majority of calls are just idiots calling for non emergencies.)

The real telco engineering was possible inside a very closed and end-to-end operated system. Even then, we saw fun stuff like inband signaling allowing random end nodes to takeover the system.

I'd be shocked if banking was a whole ton better - everything indicates they're just as incompetent.

All of the aforementioned fields have different requirements, and honestly many of them don't need ethics. In computer games, for example, I don't think that "ethics" beyond a mere "okay, well, it sorta passes QA" is sufficient. In fact, in many cases, the rate of release of software and low barriers to entry have basically obviated the need for a sort of professional ethics to protect the consumer: any software that is grossly unreliable tends to be replaced in short order in any space (say, the social web) by a competitor. It's in the aloof silos of, say, aerospace or healthcare IT where the true garbage is fermented, because they have nobody breathing down their necks as long as the paperwork looks right.

Also, I think that we don't get and don't take enough credit in our profession for how deeply we influence businesses. Done correctly, a team of programmers should be able to automate away everyone at the company who isn't directly interfacing with customers--themselves included. What does ethics have to say about such a situation, especially when the people making requests don't understand how the business itself is implemented?

*Sure, it's not a big deal if the free player just loses some time trying the game out before dropping it, but what about the player who put in $20 thinking it would get them X, but it turns out that actually only got them 10% of the way to X?

Aerospace code isn't "engineered" better. It's simply done with an eye towards accountability.

So really - not slowing down enough to finish something is a competitive edge? I don't believe you. We are not talking about that much time here.