> My knowledge of mechanics is great but solving climate change is a huge problem, both deeply technical but also social and political.
> More relevant would be a discussion about, say, memory safety, or auditing, or whatever that is actually on-topic and actionable.
It's curious that the first sentence mentions social and political issues, whereas the second sentence completely ignores them. The original comment of ChrisMarshallNY was addressing the social and political issues in tech, albeit vaguely.
You also mention valuing "iteration speed" without acknowledging the predictable devastation this has on quality.
Shipping less, and shipping slower, is on-topic and actionable.
The biggest barriers to addressing global warming are social and political. Many powerful people don't want to address it. Indeed, they've intentionally promoted the idea that the problem doesn't even exist. Purely technical discussions are futilely rearranging the deck chairs on the Titanic if they ignore this.
I do think that ChrisMarshallNY misdiagnoses the problem a bit:
> I feel as if the current tech community has a baseline ethos of “write code as badly as we can get away with,” and that ethos is rewarded.
The second clause of the sentence is redundant, because the first clause is the heart of the matter. Anyone who operates purely according to financial incentives will inevitably cut corners. Crap is profitable, for various economic reasons that are beyond the scope of this comment. In order to achieve high quality consistently, you have to care about quality, about craftsmanship, independently of financial awards. This doesn't mean you don't care about financial awards, just that you have to care about both quality and money. For lack of a better term, you need business ethics, where some ethical principles are inviolable. You can seek profit without seeking profit maximization.
Note that religion is largely independent of financial considerations:
> At that company, Quality was a religion, and they took it to the point of obsession.
See, now we’re getting somewhere. This is far more interesting than just going “we need quality”.
> It's curious that the first sentence mentions social and political issues, whereas the second sentence completely ignores them.
I didn’t talk about them here because I wasn’t really interested in getting into an argument about it. I think you know me well enough to agree that I am well aware of the social and political implications of these kinds of attacks, and that I do actually care about them quite a lot. It’s just that this comment section and even sometimes Hacker News in general is not a great place to talk about a country’s policy on offensive cyberattacks or industry opposition preventing moving to safer practices, for example.
> You also mention valuing "iteration speed" without acknowledging the predictable devastation this has on quality.
You know I don’t actually necessarily think this is as simple as you say it is. Obviously rushing to ship will lead to worse quality. But being able to iterate and release software faster can sometimes have a positive impact on quality. Compare the quality of our favorite vendor’s browser to, say, Google’s: I think it is quite reasonable to say that the software quality of the latter is actually far higher, and bugs get fixed faster, specifically because of their release cadence. Now, I don’t actually want to use Chrome and there are a hundred people working on sneaking in ads into it or whatever, but it’s not actually “ship slow and get it right”.
> Anyone who operates purely according to financial incentives will inevitably cut corners.
I think (vaguely, don’t hold me to this) that societally we do too little to punish this and that uncut corners should be valued more highly. But again you don’t hear me going “yeah everyone sucks because of money” as my comment because I don’t think this is a novel insight and I have nothing more to add. This was the reason why I said the software quality discussion wasn’t super interesting.
> the social and political implications of these kinds of attacks
> Hacker News in general is not a great place to talk about a country’s policy on offensive cyberattacks
That's not what I was referring to. By "the social and political issues in tech", I meant the general issues involved in building software, the internal and external cultures of the software developers.
> But being able to iterate and release software faster can sometimes have a positive impact on quality. Compare the quality of our favorite vendor’s browser to, say, Google’s: I think it is quite reasonable to say that the software quality of the latter is actually far higher, and bugs get fixed faster, specifically because of their release cadence.
You might have cause and effect reversed here. You suggest that the results are due to the engineering practices of the companies, whereas I would suggest that the engineering practices of the companies are a result of the values of the companies. It does appear to me that Google inherently cares more about security than Apple, and as far as I can tell, Google has more of an engineering-led culture than Apple.
Having said that, I don't think this is as simple as you say it is. ;-) For example, Google Chrome has a user-hostile silent forced updates system, which is what allows them to ship constant updates, whereas Apple Safari has a more user-friendly system where there's visibility and choice: you can see the pending updates in System Settings and choose when or even whether to install them. The latter type of update system is much less conducive to constant, frequent updates, because that would annoy users.
I don't understand why Apple has chosen to tie Safari updates to OS updates, on iOS and on the latest macOS, especially since the same Safari updates are not tied to OS updates on macOS N-1 and N-2. I mean, I understand why the major OS updates in the fall bring major Safari updates, but I don't understand why the subsequent minor Safari updates couldn't come separately, which will give Apple more flexibility to patch security vulnerabilities and other bugs in Safari.
Back to Chrome, I'm not sure I agree that its release cadence is good. First, Chrome has a public release schedule, and schedules are the death of software quality. Fixing bugs as soon as you can is fine, but forcing yourself to release things at certain fixed dates, simply for the purpose of releasing something, is not fine. The calendar is governing the release, not the readiness of the software. Moreover, Google Chrome is constantly, constantly, constantly introducing new features and other changes that have nothing to do with fixing bugs, which means that Google Chrome is constantly, constantly, constantly introducing new bugs, including new security vulnerabilities.
Apple also has a schedule: major new OS updates go out every September, no matter what. And this practice, the forced schedule, creates major quality issues. Ready or not, the updates must ship. Apple has more flexibility between Septembers, but unfortunately, contemporary Apple has also adopted the practice of using "minor" updates to constantly, constantly, constantly introduce new features and other changes that have nothing to do with fixing bugs. Part of the reason behind this is that Apple's forced yearly schedule doesn't give the company the time to finish things they've been working on and even promised at WWDC (another forced yearly schedule with self-imposed big announcements).
All of this is in stark contrast to "the good old days" when major Mac OS X updates had no fixed schedule. Of course the 10.N updates were still buggy, as major software updates always are, inevitably and predictably, but the major updates were infrequent, and they weren't forced on users. To the contrary, you had to go to a retail store and pay $129 for the privilege of receiving the discs to install a Mac OS X 10.N.0 version. The early adopters were self-selecting. And the minor 10.N.M updates were almost exclusively bug fixes without new features, so you had increasing quality over time, up and until the next major update.
> I think (vaguely, don’t hold me to this) that societally we do too little to punish this and that uncut corners should be valued more highly.
Perhaps, but I consider reward and punishment to fall under the same rubric as "incentives". And "getting tough on crime" rarely if ever works, for various well-known reasons. For example, wrongdoers don't believe they'll get caught, until they do get caught, making the punishment largely irrelevant to preventing the actions. And powerful people are very good at escaping the worst punishments even when they do get caught, as the powerful people tend to control the system of rewards and punishments.
IMO the only effective way to encourage good behavior and discourage bad behavior is to teach and foster personal ethics. The "incentives" have to be internal to one's own mind rather than external to one's body. Ethics make you do the right thing even when nobody is watching, even if you never get rewarded or punished. No system, no matter how "perfectly designed" can turn a bunch of bad people into a good, well-functioning society. The quality of the society depends essentially on the personal qualities of its members.
I understand what you're saying but it seems to mostly focus on bugs of the "my app is broken because the OS has APIs that don't work" variety not security exploits.
> More relevant would be a discussion about, say, memory safety, or auditing, or whatever that is actually on-topic and actionable.
It's curious that the first sentence mentions social and political issues, whereas the second sentence completely ignores them. The original comment of ChrisMarshallNY was addressing the social and political issues in tech, albeit vaguely.
You also mention valuing "iteration speed" without acknowledging the predictable devastation this has on quality.
Shipping less, and shipping slower, is on-topic and actionable.
The biggest barriers to addressing global warming are social and political. Many powerful people don't want to address it. Indeed, they've intentionally promoted the idea that the problem doesn't even exist. Purely technical discussions are futilely rearranging the deck chairs on the Titanic if they ignore this.
I do think that ChrisMarshallNY misdiagnoses the problem a bit:
> I feel as if the current tech community has a baseline ethos of “write code as badly as we can get away with,” and that ethos is rewarded.
The second clause of the sentence is redundant, because the first clause is the heart of the matter. Anyone who operates purely according to financial incentives will inevitably cut corners. Crap is profitable, for various economic reasons that are beyond the scope of this comment. In order to achieve high quality consistently, you have to care about quality, about craftsmanship, independently of financial awards. This doesn't mean you don't care about financial awards, just that you have to care about both quality and money. For lack of a better term, you need business ethics, where some ethical principles are inviolable. You can seek profit without seeking profit maximization.
Note that religion is largely independent of financial considerations:
> At that company, Quality was a religion, and they took it to the point of obsession.