Become a fan of Slashdot on Facebook


Forgot your password?
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Comment It's not just healthcare, either (Score 2) 122

You make a good point, but it applies beyond healthcare too.

May I introduce you to the auto industry? They'd like to sell you a new car that is always on-line, accepts OTA updates, and runs the safety-critical vehicle control systems on the same bus as the infotainment controls. What could possibly go wrong? (It's ironic that among the reports of hacks and abuses over recent months, there was also a report suggesting that many customers didn't use or actively didn't want a lot of these new electronic gadgets in their vehicles anyway. The only developments that almost everyone seemed to support were the directly safety-related driver aids.)

Then we have the financial and insurance industries, whose only requirement for any software they make sometimes seems to be "minimise fraud". Obviously that's an important commercial requirement, but meanwhile, they still can't reliably do basic things like sending money from person A to person B, providing secure and usable on-line banking facilities, providing working IT for their in-branch staff, or sometimes even keeping accurate records of who is authorised to access an account or facility.

Comment Re:Aaaand *NOTHING* happens to them... (Score 4, Insightful) 122

We could call the licensed programmers "Software Engineers", and have it actually be true.

The trouble is, it wouldn't be, because we're probably still several decades away from the kind of maturity and evidence base we'd need in the industry to actually do software development as a true engineering discipline. It's a laudable goal, but we don't know how to do it yet.

Comment But who will watch the watchers^Wregulators? (Score 1) 122

The good thing is that licensed professionals have to adhere to professional standards or become liable.

The problem is who sets those standards.

No-one knows how to write perfect software, because there is no such thing. Even with technically perfect implementation, there are always questions of requirements and design where at some point the specification of what you need isn't in a neat, unambiguous, technical form.

Very few people in the world know how to write highly robust and secure software, and the cost of doing so is often high. A few more people are exploring various potentially better ways of doing things, which might improve the situation in the long term, but for now there isn't a large and reliable body of evidence to support most of these ideas. Crucially, in many cases today, even skilled and diligent professionals who will all do good work may genuinely disagree about which tools and techniques they prefer to use and why.

Regulation and licensing would most likely be based on "best practices" determined by some central organisation, but there is a tiny pool of candidates who are even remotely qualified to make such judgements and a tiny body of evidence to support it. Realistically, that means the people settings the standards probably won't be the real experts, such as they are. No, the regulators will more likely be people like those consultants who sell a different trendy methodology every few years, and the idea of giving those vacuous salespeople a louder voice than already have and actual legal powers over how other professionals develop software is more terrifying than any bug.

Comment Re:A significant difference between HW and SW sale (Score 1) 318

I'm certainly not arguing that MS are perfect when it comes to support. After all, we're having a discussion about how badly MS may be treating their customers with Windows 10.

However, generally until the run up to Windows 10 my experience has been that they're a lot better than the likes of Apple and Google at supporting their products for extended periods. Not only do they publish much longer support periods for security fixes, in the past they've also reportedly to gone to extraordinary lengths to maintain backward compatibility in new Windows releases, so fewer customers would lose functionality following an upgrade.

The really impressive thing is that they did this even though the problem often wasn't really Microsoft's fault at all and was instead due to other software developers relying on undocumented behaviour and unpublished APIs where they shouldn't have been. I'm not sure we can expect that level of customer support from them any more, sadly.

Comment Re:A significant difference between HW and SW sale (Score 1) 318

Given that just about every PC, monitor, storage device, networking device, and other major peripheral around me as I type this has a formal warranty that indicates the minimum support period and the OS I'm running (Win7) has a published lifecycle that tells me exactly how long as a minimum I can expect security patches for, yes, I could. Short of the relevant businesses literally going under, in which case obviously no guarantee is worth much, I can count on support for these systems for several more years.

In contrast, as I've just highlighted in another comment, if I had bought a MacBook this time last year running OS X 10.9, there would already be at least one major security vulnerability that Apple has declined to patch in its OS. Or just look at the iOS 7 and App Store policies that make iPhones around generation 4-5 or iPads around generation 3 all but useless unless you chose to risk the OS upgrade, even though these devices were state of the art gear around 3 years ago and still run perfectly well in hardware terms today.

Comment Re:A significant difference between HW and SW sale (Score 1) 318

Just to be clear, I'm not talking about hardware issues here. I'm talking about not issuing security patches for serious vulnerabilities in versions of OS X that would have been shipping on brand new devices at little as a year ago.

There's really no excuse for not providing proper security fixes for the original OS supplied with a device for the useful lifetime of the device. Any security patch is by definition fixing a serious defect in the original product and clearly Apple's responsibility. I don't necessarily expect them to provide other updates and general improvements if the user isn't willing to update to the latest version of OS X as a whole, but not providing security fixes without insisting on updating other things the user might not want and didn't expect when they paid their money (and Yosemite was full of those) is a whole different thing.

They sold a broken product, and not a cheap one at that, and they should put that right without forcing other changes in the process. In fact, in my country, general consumer protection laws would probably compel them to if anyone chose to press the issue, or to provide other compensation or ultimately a refund for the defective product if they couldn't repair it properly. Whether the latter would be the better commercial strategy for Apple would presumably depend on how many people disliked the new OS enough to decline the general update and insist on a fix for their original version.

Comment Re:Half the story (Score 3, Insightful) 318

I don't care what they do with home versions, but I take issue with not being able to do this in Pro. An individual cannot buy Enterprise.

I've been wondering about that. If it's still going to be true once they've got their act together, then presumably that also affects most small businesses? That could be a very expensive strategic mistake. The hoi polloi will put up with a lot, and big businesses will do their own thing and probably not update for a long time anyway, but alienating the smaller and more agile businesses that might have updated sooner seems unwise, and alienating the geek community -- who run IT in those businesses and advise their less geeky friends -- seems downright commercially suicidal.

Comment Re:A significant difference between HW and SW sale (Score 1) 318

The flip side of that is that Apple's long-term support can be awful to non-existent.

Don't feel bad if that recommended and conveniently non-reversible update to iOS renders your three-year-old tablet or phone unusable. Here, try an iPad 7, that runs the new version just fine!

Oh, and that similarly ancient business laptop? You would have been secure against the malware you just got hit by if you'd only installed OS X Jungle Gryphon. Well, maybe. Or maybe you wouldn't. You see, we're not going to give you any sort of clear indication of how long we will support our hardware or OS versions for, and certainly not any sort of binding commitment, because that sort of nonsense is for chumps. Besides, even if we did, you'd have no idea which animal versions were included anyway.

Comment Or not (Score 3, Insightful) 318

If you're running automatic updates on 7 or 8 you already have the same "telemetry" components as well.

No, I don't. You see, the great thing about still being on Windows 7 is that I'm not forced to install whatever user-hostile updates Microsoft deems necessary. So I didn't.

By the way, neither did a lot of other people. Many of the professionals I know have been "security updates only" for quite a long time, even on personal use machines rather than work ones. Plenty more joined the fold recently after the Win10 nag message update.

It frustrates me that the casual press keep repeating the dogma that the forced updates in Windows 10 are a good thing because security experts recommend applying all patches immediately or similar, as if Microsoft hasn't been pushing non-security updates for years.

Comment Re:weasel words = gaping hole (Score 2) 318

It's worth pointing out that laws in this sort of area vary widely. I don't know where you're based, but I don't know a lot of lawyers who'd be comfortable defending that position in much of Europe, for example. On the other hand, it wouldn't surprise me at all to find the law allowed that kind of behaviour in the US.

Comment Re:Surge Pricing - Why The Hate? (Score 1) 250

Humans aren't smart enough to do central planning well (even though many try with many things even today), and certainly humans *in government* aren't smart enough to do central planning.

And yet the last time I got the train home and couldn't get a cab immediately outside the station, whatever time it was, was probably in the last millennium. I have never had a problem booking a cab for exactly the time I wanted if I had more than an hour or two of notice, and without that, the worst I've seen in recent years has been a delay of maybe 20-30 minutes instead of the usual 10-15 if I'm not in a central location.

The regulated rates we have here in the UK are nothing like surge pricing. They are fixed typically for years at a time with only a very small number of different rates based on things like working overnight or on public holidays. And yet despite your claims, my experience is that we're doing just fine with them as they are, and your hypothetical failures simply don't happen in practice. Taxi drivers make a reasonable but not excessive rate working typical hours, taxi companies co-ordinate their drivers pretty well and also make enough money doing so to be commercially viable, and taxi passengers have reasonably consistent service and predictable pricing. Taxi drivers already gravitate towards high-demand events when they happen, because they typically have flexible hours and they'll often put in a bit more time if there are effectively guaranteed fares available for a while.

The only way I can see a business like Uber managing to undercut the existing market to an extent that saves passengers a significant amount of money and yet still makes a worthwhile profit for Uber themselves is by cutting corners. For example, they could pass hidden running costs onto their drivers, or they could try to avoid subjecting the passenger-carrying vehicles to the same inspection routine that licensed taxis are required to follow. But obviously there are reasons the existing rules are what they are, and I see no good argument for allowing them to exploit their staff or compromise passenger safety so your ride can be maybe 20% cheaper.

Comment Re: Police state San Jose (Score 1) 258

You're right, there are basically two ways to go to combat the damage caused by incomplete or inaccurate disclosure: disclose more to try and fix the misleading parts and result in fairer judgements, or disclose less so making those judgements in the first place is unrealistic.

As you say, in an ideal world, the extreme transparency approach might not be so bad. However, it does rely not only on symmetry of who has information but also on symmetry of the power gained from having that information. Until you're as powerful individually as the employer or government or financial institution you're "negotiating" with, and all the individual humans working on behalf of those organisations can be trusted to make unbiased and rational judgements about you given comprehensive data, that power symmetry isn't going to be possible.

Knowledge might bring power, but money brings power too, and so does having property someone else needs, and short of armed revolution not much brings more power than controlling the police and courts and jails. Transparency will only ever equalize the first of these on its own, and while laws and regulations about discrimination and reviewing automated decisions and due process can go some way to mitigating those other imbalances, until humans give up prejudice and bigotry and fear of the different or unknown, there will always be a dramatic asymmetry in real power. Forcing those with more of it to make neutral, blind judgements is the most effective tool we've yet discovered for keeping things as fair as possible.

Comment Re:Surge Pricing - Why The Hate? (Score 1) 250

With traditional taxis, this doesn't happen: why should a driver bother driving at odd hours if they're not going to get paid more for it?

There is a simple, middle-ground alternative: if you have regulated taxis and fixed prices, you increase the regulated rates that cabbies can charge at busy or antisocial times, providing that incentive while also retaining regulated and therefore predictable pricing. We've been doing this in the UK just about forever.

Comment Re: Police state San Jose (Score 1) 258

I think scale matters. One or two people recognising you as you go about your day is probably no big deal whether you live in a city or a little country village.

On the other hand, a system recognising you visiting the same house after school every Tuesday, knowing from other information that the owners are out at that time so their 15-year-old daughter is home alone, knowing you are an unmarried 50-year-old male and knowing that you googled the girl's school recently as well starts to look like a recipe for aggressive intervention by the police and/or social services. If you survive that, a human might finally realise you were just helping your old friend's kid catch up with her maths homework, which they might have guessed sooner if they'd also noticed you were a maths teacher, but unfortunately no-one programmed the system to check for that detail.

The most difficult thing in the world is to know how to do a thing and to watch someone else doing it wrong, without commenting. -- T.H. White