It seems odd though. Don't you have the right to bear arms, with some idea that it is needed to prevent the government from exercising excessive powers over you, yet actually doing anything with those guns to protect yourself from tyranny is a crime?
I remember hearing once that the constitution, having been written by a bunch of insurrectionists, intended people to have the power to keep the government out of their business. It seems they have lost that?
> Don't you have the right to bear arms, with some idea that it is needed to prevent the government from exercising excessive powers over you, yet actually doing anything with those guns to protect yourself from tyranny is a crime?
Because when it comes to that, the government is a failed state and no one will be worried about what’s legal.
It’s not meant to be a means of legal recourse, it’s a last resort.
> except small roads in the countryside you are potentially being tracked by ANPR.
They do put them specifically wherever those roads join major roads though. Meanwhile the crime stats in the UK make chilling reading, as the focus on replacing Police officers with cameras, replacing courts with... nothing has led to many crimes skyrocketing, especially those that are not associated with driving a car.
Yep, I mean "proper" countryside - I grew up out in the villages (all little B roads and unclassified roads) and it's still like the Wild West out there really.
A lot of people still habitually drink drive (not getting completely smashed, but a few pints at a country pub then drive home) and realistically as long as you don't crash you could do that for decades and probably get away with it.
There's almost no cameras and also almost no actual police.
We have (a relatively recent phenomenon) elected Police and Crime Commissioners. They are elected with a tiny turnout. Next election in your area see if a candidate is anti-surveillance and run a campaign to support them. 10,000 extra votes to any of the mainstream candidates will get them elected.
Another addition to this thread of things that will never happen.
I don’t believe Flock cameras are used anywhere in the UK?
Pretty much all public CCTV cameras that are installed on the side of public roads, like Flock are in the US, are publicly owned, either by Police forces, Local Councils or National highways.
In 1950s UK every country kid had a catapult in their pocket. Maybe that is what we should do. Give the kids catapults and tell them not to use them on Flock cameras. That is usually effective at making kids do stuff.
A lot of responses below talking about what a 'certified' or 'chartered' engineer should be able to do.
I thought it would be noteworthy to talk about another industry, accountancy. This is how it works in the UK, but it is similar in other countries. They are called 'Chartered Accountants' here, because their institute has a Royal Charter saying they are the good guys.
To become a Chartered Accountant has no prerequisites. You 'just' have to complete the qualification of the institute you want to join. There are stages to the exams that prior qualifications may gain you exemptions from. You also have to log practical experience proving you are working as an accountant with adequate supervision. It takes about 2-3 years to get the qualification for someone well supported by their employer and with sufficient free time. Interestingly many Accountants are not graduates, and instead took technician level qualifications first, often the Association of Accounting Technicians (AAT). The accounting graduates I have interviewed wasted 3 years of their lives...
There are several institutes that specialise in different areas. Some specialise in audit. One specialises in Management Accounting (being an accountant at a company really). The Management accountants one specifically prohibits you from doing audit without taking another conversion course. All the institutes have CPD requirements (and check) and all prohibit you from working in areas that you are not competent, but provide routes to competency.
There are standards to follow, Generally Accepted Accounting Practice GAAP, UK Financial Reporting Standards FRS and the International equivalent IFRS. These cover how Financial Statements are prepared. There are separate standards setting bodies for these. There are also a set of standards that cover how an audit must be done. Then there is tax law. You are expected to know them for any area you are working in. All of these are legally binding on various types of corporation. See how that switches things around? Accountants are now there to help the company navigate the legal codes. The directors sign the accounts and are liable for misstatements, that encourages them to have a director who is an accountant...an audit committee etc.
How does that translate to software?
There are lots of standards, NIST, GDPR, PCI, some of which are legally or contractually binding. But how do I as a business owner know that a software engineer is competent to follow them? Maybe I am a diving company that wants a website. How do I know this person or company is competent to build it? It requires software engineers with specific qualifications that say they can do it, and software engineers willing to say, 'I'm sorry I am not able to work in this field, unless I first study it'.
I’m big on increasing accountability and responsibility for software engineering, but I’ve learned about SEI CMMI, and worked in an ISO 9001 shop.
In some cases, these types of structures make sense, but in most others, they are way overkill.
It’s a conundrum. One of the reasons for the crazy growth of software, is the extreme flexibility and velocity of development, so slamming the brakes on that, would have enormous financial consequences in the industry (so … good luck with that …).
But that flexibility and velocity is also a big reason for the jurassic-scale disasters that are a regular feature of our profession. It’s entirely possible for people that are completely unqualified, to develop software full of holes. If they can put enough lipstick on it, it can become quite popular, with undesirable consequences.
I don’t think that the answer is some structured standard and testing regime, but I would love to see improvement.
As an accountant I am able to enforce an accounts regime appropriate to my entity, with concepts like 'materiality' to help. I'm not sure about ISO9001, I'm more familiar with PCIDSS, and I found it to be very proscriptive, and 'all or nothing', compared with accounting standards. For instance in a small company, it is perfectly reasonable to state verbally to your auditor that your control over something is that you are close enough to the transactions to see misstatements by other people sat in the same room. Or even that you have too few people to exercise segregation of duties controls. In a larger company it is not ok. I don't see that same flexibility in other kinds of standards.
I've been thinking this way for several years now, what a fool I was! Corporations are the elite of society now. They can't fail, they pay off everyone of any importance, i.e., not you or I. The dog and pony show in congress involving FB is further proof they can do no wrong as long as they explain the law to the dolts in congress. (While being watched by SCOTUS, who are laughing their asses off.)
The rule of the corporate thumbs for several decades now is: it's more profitable to pay a fine than follow the law. (And if congress isn't keeping up with current tech which needs new laws to protect consumers, who cares?)
Lol what an amazing con the oligarchs managed to pull. They get to reap all the rewards of their parasitic selfish behavior with basically none of the risk. Just make a corp.
Let's take the article at face value: "The financial technology company said it has reversed the code change that caused the incident, blocking attackers' access to the data one day after discovering the breach."
Great that's your bug. Key word here being BUG. Your name next to the commit that caused this.
Should you go to prison? Probably not.
Tell me you never had a bug, a security hole, never took production down. Never made a mistake. Tell me that you want to go to jail for human error. Not intent, error.
The defense for the civil engineer is that his design was in accordance with usual and customary engineering standards. If he did something unusual or new, he might be liable if that was the root cause of the failure. If he signed off on a sound design, he's probably OK.
Should work the same with software. The problem is that nobody learns that, schools don't teach it (school isn't even required to be a software developer), and there are no licensing bodies that set and enforce the standards. And, ultimately, most software failures don't cause death or injury.
Not OP, but 40 years in software, so here’s your answer — abstraction is the essence of programming. Get good enough at this, with a poor moral compass, and you can justify your code doing anything with no accountability whatsoever.
Corporate software engineers learn early on that they’re only responsible for their keystrokes (e.g., bug tickets, code formatting), not for the effects of their work (e.g., more efficient distribution of child pornography).
Most developers are so inured to this that they react defensively by reflex to any suggestion that their code should have done _anything_ other than what it did. They’re not responsible, see?
Quite possibly cause software engineering feels like tofu dreg construction all of the way down - it's a bunch of suits pushing devs to make features with ever changing technologies and practices where the framework/technology/approach of the year/month/week eats up all of the focus and nobody ever establishes proper good baselines and standards of what "good code" is and instead the nerds argue ad infinitum about a bunch of subjective stuff while drowning in accidental complexity, made worse by microservices, AI slop and chasing after zero downtime instead of zero bugs. It's bad incentives all the way down. On the other end of the spectrum, you have codebases that perhaps should have taken advantage of some of the newfound wisdom of the past 40 years, but instead they're written in COBOL or FORTRAN and the last devs who know the tech are literally dying out.
There's nigh infinite combinations of tech stacks out there and because corpos literally won't incentivize people to not job hop, you don't really get that many specialists with 20 years of experience in a given technology that at least have a chance at catching the stuff that formal code analysis and other tooling didn't because nobody cares that much about validating correctness past saying "Yeah, obviously you should have some test coverage." To give an example, whoever came up with the idea of wiring up the internals of your app at runtime on startup instead of during compilation, a la the majority of Spring and Spring Boot, should go to jail. And everyone who made dynamic languages as well. And whoever pushed the idea that there should only be a loose contract between the networked parts of a system (e.g. not something MORE correct than SOAP).
Put everyone in jail for daring to be employed in that shitshow: devs, execs and the tech vendors as well, for not prioritizing the code correctness like you would in a spaceship (aside from Ariane 5) or a plane (aside from MCAS) or proper financial systems (aside from Knight Capital) or CPUs (aside from the Pentium FDIV bug). Sure, there's plenty of proper engineering out there, but my experience makes me view the claim that we should treat software like "real engineering" as a sick joke, when so much of the stuff I've seen and used isn't, about the same confusion that you'd get when you'd suggest that 100% code coverage is something that you should do if you're serious, though obviously that would make you never ship and we can't have that. Software is like the Wild West except people pretend to be serious, some days it feels like the only winning move is not to play (and to starve).
Sorry about the rant, pissed off at the status quo and the state of the industry, it feels like building a house of cards, except some of the cards aren't even rectangular. They wasted millions in my country to make a not working e-health system, for a country of like 2 million people. I'm not surprised in the slightest that breaches and fuckups will happen with the large orgs too aplenty. It's absurd, the world we live in.
It may well be a terrible analogy, but your comparison is also terrible.
Basic expectation for any web business is security sufficient to not leak PII (and it's the law almost everywhere). Meanwhile no-one expects, as a basic requirement, that buildings withstand plane crashes.
When buildings don't meet basic safety requirements then people sue. It's a regular occurrence, unfortunately.
I have an image of running his command, 'ciaclean', and a black van turns up with a bunch of agents in coveralls, brandishing rolls of polyethylene sheeting and drums of acid.
The market is not there at all though is it? Nobody is paying what it actually costs to deliver AI services. It is not clear to me that it is cheaper than just paying people to do the work.
Someone did a calculation using heat generated - energy usage (which is ultimately the base cost of the universe) - and the human brain and body is just incredibly more cost efficient than how we're doing AI. So for basic tasks it's just absurdly expensive to be using AI instead of a human.