I recently left Google having worked on a number of projects with various YouTube teams. I think I can explain why it's being handled this way by YouTube.
This is a fairly nuanced/involved issue, so the task of classifying the bug likely made it's way to one of the engineers responsible for the implementation of this feature.
That engineer has already launched this project, and filed it away under their GRAD (performance) artifacts for when promo/annual review talks roll around. There's no motivation for this engineer to waste time fixing this bug because it won't benefit their promo packet, and they are already being put under pressure to launch other projects which _will_ benefit their promo packet.
So they do what they can to sweep it under the rug because that's what the promo/annual review framework (GRAD) incentivizes and rewards.
If I ignored a safety issue that I discovered - not one I caused by design but even one I discovered in an existing design -
because of a performance review my engineering licence would be revoked and I would be kicked out of the industry.
This is a prime example of why programmers are not seriously considered engineers.
That's why trains work, but Google's shitty YouTube often does not: Terrible, terrible video player, tons of crap on the page, broken buffering all the time, huge memory and CPU hog, need to log in to even watch a video if using a VPN, insane key bindings that are switched around depending on full screen mode or not, stupid and manipulative ads that only the uninformed or simple minded can tolerate, and the list goes on. Found a bug? Keep it! You won't reach another human at Google being to tell them about it anyway!
We watch ads. We are tracked like animals. That time, attention and loss of privacy *is* payment. For this, it’s reasonable to expect a service that aspires to rise above shit-show.
Software engineers have a widely-shared belief that most software issues are far less severe than those found in civil engineering. Even a security breach — arguably the worst issue there is — rarely results in any meaningful consequences for those whose data has been breached.
I don't think this belief is entirely justified, but as programmers, it's really hard to predict when our actions suddenly become life-threatening, so the belief persists.
My college ethics professor told us a story where a few people died at some concert somewhere in South America, because a software developer at a data analytics company pushed a config change that made all apps with their SDK crash on launch, and that included the ticket app needed to get into the concert venue. The mob, when learning that they wouldn't be seeing their favorite artists due to a software bug, got very agitated and trampled a few people to death.
> This is a prime example of why programmers are not seriously considered engineers.
Seems to me like your comment is simply an example of prejudice.
You're just describing another standardized incentive structure that you're operating in, and using that as a basis to extrapolate that programmers of all kinds—whether they work on a video platform or on machinery that could cause catastrophe if it fails—are implicitly careless careerists who refuse responsibility by nature.
Other fields of engineering usually have a regulated licensure, upon which they can call themselves a Professional Engineer. This gives them the ability to make final approval/sign-off on designs and technical reports. It's most common in civil engineering, where a PE license is required for all publicly funded projects (and most privately funded ones as well, due to local/regional/national regulations) to be approved.
This license requires the holder to uphold code of professional ethics, and makes the engineer themselves be personally responsible for the safety and viability of the design itself. Losing a PE license is rare, but it does happen. The industry board (usually a regional board) can also discipline/reprimand engineers who fail to meet the professional standard - rubber stamping projects, personal misconduct, etc. Losing a license is a huge deal, but even reprimands can have a serious negative impact on someone's career.
In the industry the previous commenter works in their hypothetical would absolutely meet the bar for discipline or reprimand.
The incentive structure you're describing is also a major contributor to cost disease.
Every decision to increase the cost of a product is taking that money out of the customer's pocket which they then can't use to buy more nutritious food or medicine or make rent and avoid becoming homeless. Every additional tax dollar spent on inflating the cost of an infrastructure project is one that can't be spent on cancer research or Pell grants or catching pedos. Moreover, that type of "tax" is highly regressive because when you make e.g. housing cost more, only the poor become unable to afford it.
Meanwhile the system you're referring to gives the engineers the incentive to be excessively risk-averse. Give someone the authority to command that resources be allocated to something and liability for not allocating them but no liability for what happens to the people the resources were allocated from and the result is not an optimal system.
The problem with software is that software doesn't care about where it's built. Jurisdictions need to balance safety and quality regulation with the fact that you can just make the software somewhere where the regulations aren't so onerous, and most software is made very far from the place where it is used.
If you're making a bridge usable by residents of Springfield, that bridge has to be in Springfield, and it has to be made by Springfield engineers following Springfield laws.
It goes beyond engineering. An account just out of university isn't allowed to sign off on anything, only after a next step can they co-sign, and they need yet another step to be the primary signer.
Depending on the country, there's also a level you need to attain as lawyer to argue in higher courts.
You also don't need one of these to build a garden shed in many jurisdictions. So there is a spectrum. And the question is, is YouTube more like a skyscraper or a garden shed?
By now there seem to be unfortunately more careless careerist programmers on the job, than dedicated engineers. In a proper CS degree we do learn about engineering methods. It is up to us to also make use of them. Someone who graduated from a bootcamp likely will not have the tools to actually engineer this stuff, unless they got some prior experience in engineering.
The prejudice seems to be everywhere. Unfortunately, to my knowledge.
Eg. architects vs construction engineers vs land surveyors vs construction designers vs urban planners…
anyone of them thinks that their profession is more valuable than the others…
Honestly it’s hard to refute the fact that we need roads and houses more than we need cat videos.
The real differentiator though is that the engineers of tangible things can get sued and go to jail if someone dies, but it seems tech companies gets away with atrocities (profits at the expense of teen suicides) with zero repercussions.
But, what is being described is THE EFFECT OF INSTITUTIONS ON INDIVIDUALS. This happens in every industry. The larger the company, the more disconnected people become.
> Honestly it’s hard to refute the fact that we need roads and houses more than we need cat videos.
If the software made by my company ceased to exist, every government in the US, federal, state, and municipal, every construction company, plus most governments worldwide would be unable to build roads or houses until they were able to cobble together a replacement.
The entire world runs on software. Software controls our banks, flies our planes, decides what happens when you press the brake pedal in your car. The bridges you drive, walk, or ride across were modeled in software and simulated to determine whether they needed to be built stronger. The power companies use software to route power across the grid. Software drives servos which determine how much natural gas and air get pumped into our power plants. Every day, power producers and power consumers bid on how much they will pay for electricity at certain times tomorrow, and all of that is automated by software. Judges and lawyers file motions electronically, routed through software. Two weeks ago, US President Donald Trump, Iranian President Masoud Pezeshkian, and Pakistani Prime Minister Shehbaz Sharif signed a memorandum of understanding, opening the Strait of Hormuz. Trump was in Versaille, Pezeshkian was in Tehran, Sharif was in Islamabad; the agreement was signed digitally, with software.
If every computer on earth stopped working tomorrow, we wouldn't notice the lack of cat videos, but we would notice the complete collapse of civilization.
As a 'software engineer' myself, I fully understand your position, but please qualify the statement about the software you work on. Either add 'efficiently' or 'at scale', because all that infrastructure you mentioned could definitely be built without your software. It was possible before your software and it sure would be possible without it, it just would not be as easy.
I am sure someone is going to dwell on that if not fixed.
This is silly. People survived before the Haber Bosch process but an overnight removal of it from the world would absolutely result in a catastrophic collapse.
If you want to be reductive, we’re all going to die due to entropy anyway, it will all balance out so there’s no point in doing anything at all.
Internet is now critical infrastructure, whether we like it or not.
We've quietly gone from it being a research project, to a cool toy, to something most people had but that definitely wasn't essential, to a world where it is just as crucial as lightning or electricity.
I bet many farming and food distribution operations just wouldn't be able to function without a connection to AWS.
If the toilets at all those firms started operating in reverse, very little would get built. The conclusion is that plumbers are extremely important, not that plumbing is de facto engineering.
Plumbers build all the pipes, but one of the aforementioned professional engineers created a drawing of where they would go and how the water and sewage would move through the building.
Your company's software enhances the process somehow, making it easier or faster or cheaper. Your company's software did not unlock the technology of road building.
There were roads built before your company's software and I'm sure if your company disappeared that ultimately roads would get built with or without their software.
It would be interesting to look at all the technological advances of the last 60 years and break them down into categories based on what happens if they went away though (category A: the field just goes back to 1950s and we more or less get by vs Category B: society utterly collapses).
It's less about whether we could live without it, more about whether we could live without it now.
We objectively don't need credit cards. We could do with cash just fine. If we were told that Visa / Mastercard were shutting down in 5 years, we'd manage to muddle through. If they suddenly vanished off the face of the Earth? People would definitely die due to starvation.
It's fun to do it forwards too (ie all recent technological advances that could be category a where society cannot live without it or category b where society is like meh or even category c where soecity utterly collapses because of it).
The internet as a whole can arguably be all three at the same time.
> Honestly it’s hard to refute the fact that we need roads and houses more than we need cat videos.
Software does more than cat videos.
Examples that may be relevant:
- CAD and simulation tools that physical world engineers use
- telecommunications (not just programmers, but programmers are vital for the current ultra-cheap generation)
- CT and MRI data processing
- alphafold
- scheduling systems for universities and other schools (makes education more scalable)
- infrastructure/systems programming (OS, web browser, etc.)
Furthermore, no one would claim that civil engineering is useless just because a certain class of billionaires liked to hire them to design silly structures. So, the prevalence of the less useful things speaks more to priorities as a society than anything about software engineering itself
Your right, as are your examples, but I want to point out an interesting thing about your examples :)
> - CT and MRI data processing
> - scheduling systems for universities and other schools (makes education more scalable)
Those two read as if they are of different urgency (#1: whoever needs it urgently is at risk of dying, schedules for "non-urgent" cases will be affected for months, turning many into urgent cases; #2: the education systems will suffer, but it only gets dire after multiple days), until you realize that #2 also applies to e.g. hospitals.
Medicine at scale is already barely scraping by as it is (see: overworked staff etc. etc.), but disrupt the internal IT working of hospitals and the indirect body count will rise fast.
I do realize this and the cat video mention was really me being facetious.
And honestly software engineers don’t need roads anyway working a tough four-day work week with long commute into the basement.
Jokes aside, innovation comes at a price. Every great thing will be turned into a weapon so just wait until the alpha-fold mutants start crawling out of a nearby sewage treatment plant.
Conveniently, those are the subdomains of the tech industry that require a deep understanding of CS theory (eg embedded systems) and DS&A, and yet whenever the subject of Leetcode comes up on HN, software “engineers” swoop in to argue how useless those are as a whole to 90% of the software being built in the world today…
Which, really, implies that 90% of people in this industry work in bullshit jobs that don’t require real engineering skills. You could even spout any BS about architecture in Medium.com and then asked to speak in a conference if it gets enough views.
>The real differentiator though is that the engineers of tangible things can get sued and go to jail if someone dies,
That basically never happens because the license wouldn't be worth the paper it's printed on if it didn't essentially protect you from your own stupidity. Any credentialed professional basically has to be farcically negligent for anything to stick and even if it does damage is usually limited by statute.
That's the whole point. The industry basically strikes a bargain with government to it's benefit. Government lets me run a supply cartel, I promise to enforce minimum standards along the way. Government gives me favorable treatment in court, I do whatever the government's rules say to the detriment of my customers. Society gets just enough scraps to provide the political will to get it done.
> Honestly it’s hard to refute the fact that we need roads and houses more than we need cat videos.
This is a fundamentalist perspective; it's hard to dispute that if we didn't have any roads, houses, or cat videos, we would need new roads more than we needed new cat videos.
It's much easier to dispute the idea that we currently need new roads more than we need new cat videos; we already have a lot of roads.
Programming is a brand new discipline. Computers are brand new and revolutionary tech. We're still figuring all this out.
Who, at this time, knows how to write code so well that they can dictate to others how everything should be done, and can they prove this superiority with a mathematical proof? If so, then maybe we can talk about getting bureaucrats involved to make up a bunch of rules and regulations to control everybody. Until then, it's the Wild West out here, and rightfully so.
Tired of shit code? Boycott the organizations who write and deploy it, up to and including opting out of their ' ' society ' ' altogether. Stop expecting Uncle Scam to help you. He's a scammer. All he does is scam people. It's right there in the name.
Ever notice how everything sucks these days--it's all cheap overpriced junk, like appliances, cars, houses, TVs, etc? That's because nobody in this ' ' society ' ' really gives a shit about quality or has any clue how to achieve it. That's who you want making laws?
And looks like you agree that coding isn’t engineering.
The first high-level programming language was Plankalkül, created by Konrad Zuse between 1942 and 1945.[2] The first high-level language to have an associated compiler was created by Corrado Böhm in 1951, for his PhD thesis.
How long are you going to keep claiming programming is a brand new discipline?
Okay, engineering proper has thousands of years of history. But it’s not like coding came down in the last shower.
Fair enough that any random app probably doesn’t need to be probably correct. And that’s why it’s not engineering.
The practice of coding is a science and an art.
I guess we should make a distinction between Engineering and engineering.
Lower case e engineering is the design and manufacture of complex product - in which case, sure coding is engineering, and coders are engineers.
I don't see why it's inconsistent to claim that programming is not engineering today while leaving the door open to the idea that maybe someday it will be. If anything, that seems in line with the criticism of the incentive structure and priorities of the ecosystem; someone who didn't think it was ever possible would more likely object on technical grounds rather than social ones.
The defining feature of engineering as a profession isn't how much we collectively know about it, it's the attitude we bring into day-to-day practice.
Take something like the Sony BMG rootkit scandal[0]. Anybody with an ounce of sense and even basic technical programming knowledge could tell the sort of security issues that that piece of software could lead to. Shipping that thing was the sort of recklessness that would get you stricken from any industry's professional body.
Or maybe something like the UK's Post Office scandal[1]. One of the issues there was that post offices sold foreign currency. People were accused of (and actually jailed for) fraud because their branch sold $100, there's £70 in the till, and the reconciliation process says that the exchange rate is $100:£80, so there's £10 missing. Horizon had no way to track that the exchange rate at the time of the transaction was $100:£70, they literally shipped a billing system that handles ForEx but doesn't understand exchange rates change over time. And then they lied about it and said the software was working correctly! This isn't an issue with "revolutionary new tech" that we don't fully understand, it's simply a fruit of having an accounting system designed with no actual accountants in the loop. If an accountant had made this exact same mistake, their licence would almost certainly be revoked, but it's somehow ok because computers are involved?
> If so, then maybe we can talk about getting bureaucrats involved to make up a bunch of rules and regulations to control everybody
We don't need "a bunch" of rules and regulations. We only need one: You're liable for damages resulting from reasonably predictable outcomes, as judged by a panel of your peers.
That would put full blame on the tech staff and let the C-suite get away. The success of a software product is measured by sales and user base, so the more successful their sales and marketing are, the higher the damages will be for the tech staff.
I am of the opinion that companies and their management should be personally liable for damages caused by bad software, not their employees. They created the structure, hired everyone (and perhaps didn't hire QA), and invested in it to make a huge profit.
On the one hand, the developers who were ultimately tasked directly with building Horizon were completely unqualified to write an accounting system, and lacked even basic knowledge about accounting in general, including fundamental misunderstandings about the very nature of double-entry and ledger-based accounting. From what I can remember from released correspondence, for example, Horizon had fundamental design mistakes that made it essentially not double-entry, particularly when multiple terminals were involved, even when not considering remote changes to accounts.
On the other, the severity of the consequences of the bugs in Horizon came from the behavior of Fujitsu management, the Post Office, and the judicial system, and I'm not sure that individual developers could have reasonably predicted that. The software was used under contracts that tried to make individual users personally liable even for shortfalls resulting from errors in the software. When accounts had shortfalls, the Post Office ignored even basic sanity in favor of insisting on Horizon's unerring accuracy. They abused esoteric powers of private investigation and private prosecution combined with their own vested interests to bring completely unreasonable prosecutions. They, along with parts of Fujitsu, repeatedly made false statements to courts about Horizon's basic operation, if often with enough distance from the actual developers to claim ignorance. The judicial system then operated under delusional and hubristic views on software development and practices around experts, witnesses, and coerced pleas that one might argue no reasonable person would have.
If a clearly negligent and unqualified engineer constructs part of an office building for a business with numerous avoidable tripping hazards that violate even basic standards, it seems reasonable that they might be liable for the injuries when employees trip on them. If it turns out that the business has a special right to shoot its employees with no consequences, decides that it would be better to shoot anyone who trips rather than admit to the building being fundamentally flawed, and then repeatedly has courts approve of its actions, I'm not so sure that the engineer should be held liable for mass murder.
Funny you used the word "developer", and I used the word "engineer", because that distinction is critical. A brick layer is not a civil engineer, and is not signing off on a construction project. Likewise, the developers banging out tickets don't have to be software engineers who sign off on a software project.
In the Horizon case, I'm thinking of people like Gareth Jenkins. He was the guy who designed the system, and also one of the expert witnesses you mentioned. He's the one who should be held to the standards I'm talking about.
> You're just describing another standardized incentive structure that you're operating in
Yeah, that’s the point. That incentive structure includes going to prison, and employers aren’t willing to die on that hill because it exposes them to insane liability if they go against a certified Professional Engineer.
An example of prejudice? What an extraordinary statement. It’s an example of ethical, competent, responsible professionalism.
The ‘incentive structure’ is non-financial and based on the ethics of valuing other humans. This is a professional duty. To even call it a ‘incentive structure’ feels like it’s missing the point.
The comment is prejudice to conclude from the Google Engineer's supposed thought process as fact and to say that it's an example of why he isn't an 'engineer'. But you can find classic engineering fields where due process is ignored due to systemic pressures - like the Challenger incident. They were engineers but the system was broken. So it's not good enough to spit on the ground and say this is why they are not engineers.
While I do think there needs to be regulation of some sort for SWEs, I can't fathom how it'd be enforced. Non-coders can use replit to build whatever they want and sell it to whomever they want. That kind of scale doesn't exist in the physical world.
It's because the first sentence of the American Society of Civil Engineers code of ethics is:
Members of The American Society of Civil Engineers conduct themselves with integrity and professionalism, and above all else protect and advance the health, safety, and welfare of the public through the practice of Civil Engineering.
The first tenant of a software engineers code of ethics is:
fuck it, make the boss some money.
Or, formally, according to the ACM:
Contribute to society and human well-being.
Which means fuck-all and includes absolutely zero enforcement like it does for real engineering professions. So do us all a favor and don't whine about our discipline's lack of standards while dipshits who call themselves software engineers are tokenmaxxing a pile of shit and SEO optimizing manipulative user environments for profit.
I understand the direction of your comment, engineering doesn't guarantee security either.
Hubris is the single biggest downfall, whether it's pegged on insecurity, or a false sense of knowledge, superiority or entitlement.
The very best and most experienced people I know have deep expertise, and maintain a healthy mistrust of their own work to keep an eye on it and improving it.
Real world experience and run history is a big thing, and people can re-learn the lessons of the past over and over with their egos, or also be open to learning from others to learn quicker.
It's not hubris (for the engineer) in this case though. It is the fact that company X knows that its dept Y can thrive with 10 engineers, and stay afloat with 5 engineers, so the magic number is 5. And then it is down to the individual to convince their manager (or resign) that problem_A is bad, but problem_B is worse, but not in my P&D objectives.
The hubris comes from the fact that the CEO doesn't hear the problems that Directors don't disclose.
The hubris comes from the fact that the Directors don't hear the problems that Senior Managers don't disclose.
The hubris comes from the fact that the Senior Managers don't hear the problems that Managers don't disclose.
And Managers simply don't care to hear the problems that Engineers face because "shuddup and close that Jira ticket within 48 hour or else".
I am ~50, I have worked (now..) 20? 20+ years in Audit/Compliance, and I laugh-cry inside.... and I am NOT surprised when I read about cases like this, it's another day in the office/life..
(definitions)
The terms hubris, ate, nemesis, and tisis originated in ancient Greece and had specific meanings and roles in everyday life.
Hubris
“Hubris” was a fundamental concept in the lives of the ancient Greeks and was used to describe someone who overestimated their abilities and behaved in an arrogant and offensive manner toward others, toward the laws of the state, but above all toward the gods.
According to ancient beliefs, such acts of hubris offended and enraged the gods.
Ate
“Hubris” consequently provoked the intervention of the gods, and especially Zeus, who sent “ate”—that is, a clouding or blinding of the mind—upon the hubristic person.
Nemesis
“Ate” led the hubristic person to commit further acts of hubris, until they committed a grave folly or fell into a very serious error, which provoked “nemesis”—that is, the wrath and vengeance of the gods.
Tisis
Next comes “tisis,” that is, the punishment and ruin or destruction of the person who committed hubris.
Have seen this so many times. And like you, having spent decades in tech, I know the cycle well. Some engineers know the problem today, but the directors will arrive at the same conclusion / concern 1-3 years later, when it becomes obvious that ... "oh this was wrong all along". But to be fair to them, they are dealing with a 1000 problems, not just this one, and that's where the management hierarchy you describe is completely liable (if someone could hold them liable).
The prevalence of calling software development “engineering” was 100% a con job by either self-important nerds or the companies pandering to them in tight job markets.
>my engineering licence would be revoked and I would be kicked out of the industry.
This isn't because you're a "real" engineer, it's because of regulation and industry licensing around specific engineering disciplines that didn't exist until the start of the 20th century. Railroad engineers in the 1800's didn't have the same set of regulations to follow, or the same liability for mistakes.
Software engineering could have similar regulation and licensing set up, though I think you'd find it to be an impossible uphill battle in today's world against the lobbying power of the big tech companies.
I think the general hacker culture of most programmers prevents this. There's an undercurrent of anti-establishment, anti-authority, anti-management, etc... To think that the industry might choose to self enforce a license system seems very unlikely.
I think another reason this hasn't happened is sheer complexity of the modern software stack. No one fully understand how everything works, in principle or in details. You can't certify someone or establish principles for things no one understands anything about.
I've come to dislike hacker culture. Worst part is that when the hackers succeed with their objectives and take over systems; they become the authority coordinating others and they are often 10x worse than the authorities who came before them. They just focus on extracting money for themselves, pulling up the ladder behind them and building moats instead. There's nothing anti-establishment about it at the end of the day, they just join the establishment and make it much more oppressive for the next generation.
> This is a prime example of why programmers are not seriously considered engineers.
Yup, most don't have the spine to stand up for their moral as they grew up creating low-stake toys. On top of that we have been unable to establish the rigour (proofs, automated-verification, proper design thinking beyond the next 2 quarters) and doing so is really hard and often doesn't have drawbacks comparable to losing speed against teams that just keep throwing stuff at the wall.
I think there is a fine line. YouTube is not critical software and no one’s life depends on the safety (putting mental health aside) of the code running. Some software engineers do however write code that is critical, but to your point, I don’t think they are ever considered liable.
I went through an acquisition as a Canadian software developer getting acquired by an American company. They wanted us to be called engineers like the rest of their SWEs but in Canada it’s a protected namespace. It’s illegal to call yourself an engineer without having the ring and the papers. Which personally I can appreciate.
Youtube should consider their engineers responsible for the software they write. Big companies these days are just bureaucracy tricks and politics. There's a small handful of real talent, but they're quickly moving to new startups.
Also, I'm Canadian as well, and almost everyone calls themselves "software engineer" these days. You just can't say P.eng. in your title. You could be forced to remove it from linkedin/etc if you're called out, but it rarely happens.
Your latter point is legally incorrect. The protected term in Canada is “engineer”. If someone calls themselves an engineer without a P.Eng, that’s an offence.
Once I worked in a company that had an ex-Googler on the board, who insisted on calling us engineers and wanted us to call ourselves that. In swedish, of course, 'ingenjörer'.
It's not a protected title in Sweden, but we still refused, because we were nothing like engineers. We were a minuscule team of mostly self-taught hackers who happened to be employed to solve business problems in a system for managing other companies and their customers. I had some idea of the rigour of engineering but my colleagues did not, still, they also weren't willing to appropriate the title.
This lead to meetings with this person being quite uncomfortable at times, embarrassing even. To me it was an obvious sign that they were unfit for managing roles. Two thirds of the team, me included, resigned at the same time after they had been increasingly active in the management of the technical department.
Since he was on the board the CEO could not get rid of him even though he knew that this person was destroying the dev team.
Revenue generating services aren’t the same as critical infrastructure. This bug, I would argue, does not hurt creator’s revenue in a substantial enough way to call it “safety”.
It's worse than that. Google will get rid of you if you are just fixing bugs. Ergo, the people who are inclined to fix are forced out or forced not to fix.
> because of a performance review my engineering licence would be revoked and I would be kicked out of the industry.
Does this happen because train companies just decided to care or because regulators got involved? I believe it was the later. Regulation is often derided here on HN but good regulation does improve things.
Europe has the Cyber Resilience Act and of course the more well known General Data Protection Regulation. They do not mandate licensing but they do establish liability when something goes wrong
Engineering and math follow logic - they model reality / self-consistency and always correct themselves because of the scientific method. However, computer science is a chase of what is the most popular at the moment. Those are decisions based on the crowd, not anything close to an objective opinion, and the wrong choices are compounded every day[0][1].
In the country where I live there are two university degrees: Computer Science (depends on Mathematics) and Information Engineering (depends on Engineering). I took the latter, where there is more maths (despite not depending from the Maths department), physics, electronic, automation. I now work with healthcare data: a highly regulated field. Can you please explain what is _not_ engineering, given this context?
No one is saying all programmers lack engineering discipline. It is simply not required for all programmers, even in many situations when it probably should be.
yeah, and somebody mounting i.e. some sort of audio/video equipment might make a mistake of putting flammable wire through firewall, while a software engineer in a different field (i.e. embedded or network firewall) might get lawful action in case of a design flaw
Licenses and reprimands are not bulletproof as those are often portrayed: take 737MAX for example, or Ford Pinto, or bridges, which fail every day as it seems
The post-mortem on an incident is where it's at. Unfortunately most of those are proprietary and unseen by the rest of the world, but when a load bearing (are humans allowed to user that phrase still?) website like Google or Stripe went down, there's a level of rigor that isn't seen by the public to ask the five why's, or another framework that makes software look like real engineering. Problems are going to happen. Things after going to come up. The question is what you do after that, which determines if it's a serious thing or not.
The entire rail industry suffers from massive deferred maintenance issues that manifest as serious safety concerns. This shit happens in every industry: dieselgate, 737max, flint water crisis, PG&E camp fire, etc. Let's not pretend one engineering discipline is holier than thou -- especially when the consequences are derailments versus some leaked youtube videos.
i always have a little chuckle inside when i see someone using the term software engineer - i always thought it was a term they used to pick up chicks.
I used to be a sysadmin at hospitals. There is software in everything like biomed devices, imaging machines and even the humble email system that I maintained.
Other examples of critical software systems include banking and voting.
I have never _ever_ called myself an engineer even when I was encouraged to.
Yes, of course you are correct. I should have been more specific in my response. I can print("Hello World") and I am not an engineer. I have a BS in accounting but am not a CPA, and that is also highly regulated.
The point I am trying to make is that we are building a society on software that has no legally binding standards but has serious impacts to all of us.
"engineering - the application of scientific and mathematical principles to practical ends such as the design, manufacture, and operation of efficient and economical structures, machines, processes, and systems"
agentically vibe coding a website with some minor manual tweaks? adding bullshit to a product for the pure purpose of profit maximization at the detriment of the end user? moving fast, testing user engagement instead of user safety, and being okay with breaking things? .... not engineering !
following an agreed set of processes to formally maximise product safety & consistency eg. adhering to medical device standards for software development? .... engineering!
The issue is a bit more nuanced. Where I live, software engineering is regulated in the same way civil engineering is. The main difference is that you don't usually need an engineer to sign off for software projects, but I dont see a big difference between PE certified projects and those that are more "agile". And we aren't some sort of SWE quality haven either.
Generally speaking i agree that we need better control over titles and competence but youtube is still an incredibly massive engineering achievement as a platform, has been extremely reliable all things considered, and it's been mostly built by people without those certifications or regulations.
> This is a prime example of why programmers are not seriously considered engineers.
The civil engineer who builds a great suspension bridge probably looks down on the one who builds a bridge over a irrigation ditch in a rural county using a big metal pipe covered with dirt.
Much like you may look down on train builders who make the novelty trains for kids parks.
Software engineering happens to be useful everywhere and most stuff in life is low stakes and the economics do not exist to make it perfect.
However, in aerospace, banking, and other high stakes industries software engineering projects are met with the rigor that is called for.
Software should always be treated as the artisanal, crafts-person like work that it is. There is far more subjectivity and design/aesthetics (not relating to GUI, etc) in the design of software than most will admit.
Less so in those that actually have any barrier for entry, you do need an actual degree to be an engineer, an MD to be a doctor, a forklift cert to operate them in a warehouse, while anyone without any certification can write software.
If we're going to gatekeep the word "engineer", you're not in the most defensible position as a train designer. If you want to go back to the original definition, engineers were soldiers specialized in siege warfare, which has nothing to do with designing trains. Alternately, "engineer" can be broad enough to include someone driving a train, which presumably required some understanding of how the locomotive worked but was more of what we'd call a skilled technician.
> This is a prime example of why programmers are not seriously considered engineers.
The problem isn't the programmers ffs. In your industry, if your superior orders you (or creates the incentive) to hide bad stuff under the rug, you have the ability to push back, at least to some degree.
Programmers? We don't have that. Maybe the few of us who actually work on security critical stuff, but some generic AI BS? No chance. You're being treated as a cog.
All sorts of employees are treated as disposable. The issue is absolutely that software engineers have no culture of responsibility or safety and no professional licensing group to enforce it for them.
The professional licensing group is what creates the culture of responsibility. Most developers would be happy to have that as it would limit supply and increase wages considerably.
> no culture of responsibility or safety and no professional licensing group to enforce it for them.
Naturopaths and chiropractors are licensed to do various things too, physicians, etc.. a license does not imply that there would otherwise exist a culture of responsibility, foundation in evidence or anything of the sort. It's an incentive structure and regulatory practice. One may even keep their license while being a monster and abusing other incentive structures that don't have a bearing on that license.
Software engineers are not typically licensed as engineers, that's all one can say without dipping into prejudice.
I'm working on automotive safety-critical security-critical stuff. There is structure and bureaucracy around this stuff.
For example, a project gets a safety managers assigned who has to sign off the release. Project management is explicitly not superior to this safety manager. In most cases these safety managers are just there review stuff according to some process guidelines. If there is pressure (project is late, etc), there are more senior safety managers to call in and they will usually make more nuanced safety arguments (in this specific case, violate this guideline, but at least do X as mitigation).
In the end there is bureaucracy. Things need to be signed and archived for potential law suits. Not having archived things will be even worse in the law suits.
The upside: As a programmer, you don't need to argue that you need some time for unit testing.
The downside: 100% test coverage is mandatory and it really gets enforced.
I remember hearing this perspective when I first started in the software industry, and I agreed with it for quite some time. But frankly, we’ve never been further from it.
Last year alone, 40 people died in Spain in a train derailment. In total, how many people have died over the last 100 years because of something a software engineer did?
ETA: Admittedly the above is getting off-topic from YouTube, but I can easily imagine a scenario where an instructional video was deleted due to a spurious copyright strike or some other stupidity.
Probably many, but how many is the result of the title of someone's IP leaking? Other than private video titles, what can this AI actually access? I doubt it has bank account information or any other PII that could cause actual damages. The risk is real but the impact is incredibly low.
Not just accidental, there are many tools/processes/weapons that are powered by software written by engineers who knowingly write their code to do harm.
But people gotta eat and all so who am I to blame.
I feel like things have become so much more cynical in the last 5 years, in this regard.
I feel like part of it is the "over-systemization" of promos. I see the logic behind it to some extent - if there's a system, it's "fairer"/"more democratic". But, then we end up with ridiculous gamified promo systems.
The impact is local though, it would be only a problem if the median small company is more messed up than the large co.
It not likely to happen because being small there are more threats or market forces to deal with so they cannot do as they please. Monopolies or just economies of scale affords large co and the small number of executives that control them outsized influence - both good and bad.
This is great. I'd begun to conclude the pendulum swung too far towards "moneyball" and both approaches have trade-offs, but this is perfectly succinct
Yeah... there are no systems that are not political. Even if you agree objectivity is a thing, someone has to persuade others to buy into whatever that objectivity is, and that's still politics, and not cynical at all.
Eh, clearcut promo paths used to be a bigger thing in the 90s and they did work for a little while, they just didn't handle exceptions well, and then the whole developed world up and thought they were also exceptions. Certifications used to matter more, now they are so cheapened that you cannot do much without them.
It’s not about fairness or democracy (maybe you meant meritocracy?) at all although it’s sold that way to participants - it’s primarily about ownership’s ability to cascade management duties, including mitigating latent negotiation powers by individual workers and groups of workers
It depends heavily on your manager and skip. My boss values operations and getting things done (including both doing things right from the beginning, and fixing things when we have to cut corners to launch quickly due to exogenous pressure), and that means people get promoted for being good engineers. Of course this falls apart for higher levels where it is entirely politics, but that is beyond my boss' influence.
I don't think it's the promo process itself. If the bug was something that actually affects Google's bottom line, I guarantee that Google would find a way such that the engineer would be incentivized to fix it.
Youtube launched 1 year and 8 months before being acquired by google.... It's largely semantics to say that what Youtube is today, isn't a direct result of Google's ownership for nearly 20 years now....
From talking to someone that worked at YouTube for 15 years, they still had a lot of core Python code in 2016 that was legacy from the OG company/team and that code needed to be transitioned to follow the Google way of doing things in C++/Go.
I don't think it was distinct enough from the Google culture like Android was at the start of the acquisition but it seems they had leeway to do their own thing.
No concept of language in a user facing way. No filter by language no search by language. On the contrary searches are translated before running and return all languages, videos are dubbed even when you speak the original language, same but with titles being translated etc. Search being shit is kind of on par with being a Google product though. I wonder if they had any language preferences before Google bought them. I don't remember that far back.
(1) There is no single entity called "the backbone." (2) Yes, they do direct peering with ISPs whenever possible, but maintaining on-premise cache AND the "backbone" is not a trivial matter, nor free
They're paying a marginal cost compared to us plebs, yeah, but definitely not "free", especially when YT is allegedly responsible for 1/6th of global internet traffic
I assume that's why they wrote good and not successful.
It's an average software product with incredible scaling behind it and a lot of elbow grease to keep it chumming along, but it's not great software by the definition of "bugs actually get dealt with"
It's great software in the sense that it makes a shit ton of money though. In the end software that doesn't get used and doesn't make any money but has no bugs is not valuable either.
Not saying that this is the trade off you have to make but if you have a working mode in place that achieves usage and money somewhat consistently i can understand being hesitant about changing it to optimize for less bugs instead.
Weapons are a great product for weapon dealers and manufacturers as well, just not so much for the people killed by them (or their families, or survivors)
So sure, if making a shitload of money is the metric, YouTube is a great product.
That wasn't the point of the person you answered to though.
This is what you get when the MBAs are in charge. They just go with P&L, Spreadsheets, etc. and care only about the current quarter and meeting the goals.
Wait, but Sundar Pichai was there pre google IPO as a Chrome PM, and Neal Mohan was there for 18 years. How are they examples of "doing your time" being a bad strategy?
Not really, in such large companies there's enormous selection pressure favoring career politicians. Maybe some of the survivors did some engineering at one point, but expertise fades fast when you stop getting your hands dirty. Most are empty suits.
It's easy to cynically generalize and attribute to the broken promo process when it is more likely either a non-engineer reviewing the report or someone else not really understanding the nuances of prompt injection. I work at YouTube, and I've escalated it to the appropriate TLs and TnS leads to take a look.
Bugs in existing projects and a sense of ownership and leadership are absolutely a part of GRAD, having been in several calibrations and promo committees myself. So while this understanding has a grain of truth, it is far from what's evaluated, at least in my VP's org. I can't speak to Cloud or any other PAs.
I also used to work at Google and what you have described is not the way the VRP works at all.
1. The engineers on the VRP teams set the severity of the bug based on impact. The engineering team responsible for the fix can argue the severity but only if they can show there is some other mitigating factor that the VRP team wasn't aware of.
2. Google has a great security culture and while it may be true that maintaining existing code may not be as sexy as building new features, fixing vulnerabilities does look good on GRAD (performance) because the impact is already well documented.
3. Believe it or not, the VRP team does like to give away rewards. However, to do this, they have to follow a rubric to keep all of the payouts consistent and fair.
4. Constructive and polite discourse is welcome and a researcher may reply to their bug asking for more details or to make their case in the event that they think the VRP team did not understand the severity. The team is made up of humans who are open to the idea that they missed something in the initial report. They, like all other bug bounty programs, are also struggling to keep up with the huge influx of AI generated slop so mistakes can happen.
My first thought when reading the article was: "The generous interpretation here is that whoever is fielding reports gets so many false positives that they miss true positives (like this report), especially if there's any gray area."
I'm not saying that excuses it, but it is one likely explanation for how it happened. When looking at just one report, the response seems negligent. When looking at a pile of 1000 nonsense reports, with a handful like this, I understand the difficulty.
Of all the fucked up things in this comment, giving a single Engineer lifetime responsibility for all bugs in code they wrote is probably the dumbest.
And it's slowly becoming the norm. The last place I worked at, a large and well known Tech company, didn't even roll with QA's. That just wasn't a role anywhere in the division. You are fully responsible for all the bugs in all the code you ever wrote
I think it's reasonable to have a culture where you're encouraged to consult the IC who wrote the code even after they've moved on to other projects. But I don't think they should be responsible for fixing the bugs.
And I don't mean this to excuse the bad code written by ICs. I just think it's not sustainable from the POV of the org itself to depend so heavily on individuals, especially ones who aren't familiar with the entire codebase anymore.
The team currently in charge needs to have full ownership and be responsible for the code, even if they didn't write it.
That works as long as there's a finish line. If you make a framework, or a set of libraries, it's easy to get pigeon holed into all new features/tangential work around those.
> The team currently in charge needs to have full ownership and be responsible for the code, even if they didn't write it.
That's honestly a high enough bar — many orgs I've worked in do what I call "zero-staffing", which is where an in-use / deployed-to-production project has no team, no engineers (or so few engineers, such as one, as to be a pittance). That one eng, if they even exist, is often just trying to hold everything together.
There's a middle ground, of course: an engineer who has accomplished too much might be underwater with questions, but at the same time, they need to pass the torch to the next team that is maintaining it.
… but too often, there just isn't a next team. People get burnt out, leave for greener pastures, and stuff gets decommed (maybe) because people are like "what even is this?" b/c the knowledge has walked.
The industry is not rewarding experience or knowledge at the moment, so that trend will continue.
OP used the word "lifetime" which makes a key difference.
I don't want to be responsible for a bug in my 8 years old code, which I probably even forgot how it worked etc. I probably don't even work anymore in the same team or on the same service.
Why the hell should I be responsible and how is this sustainable?
I am not even sure if your criticism makes any sense at all anymore nowadays. AI is writing 80% of the code, if not more. It's technically not even your code anymore, although there is your name on the commit. Why should I be responsible for that 3 years from now, when I have again moved team or service etc.
Accountability ok, but you should not retire with your code.
> Why the hell should I be responsible and how is this sustainable?
Well, it works for professional engineers, you know, the people designing bridges, tunnels, heavy machinery, aircraft, spacecraft or medical instruments. When something happens and they can't show that their work adhered to the generally accepted best standards at the time... they're held liable. And sometimes, that liability includes jail time, particularly when people are seriously injured or die.
And how it is sustainable? Simple: legal requirements that force managers to allot enough time and tooling to their engineering teams, because engineers whose professional license is on the line will rather quit than be forced to sign off something that is unsafe.
In the software world, this might result in AI not being used at all - simply put: no matter what, AI in its current form is always going to be vulnerable to in-band attacks, or to use an older term... phreaking [1]. It might result in software having to go through formal proof programs, fuzzers, whatever. It might result in entire programming languages just being outright banned in production code in favor of programming languages that eliminate entire classes of vulnerabilities.
And before the usual "but China/India/... would outcompete us" complaints come... well, have you ever seen a Chinese widebody airliner in Western airspace? No. Because China is not able to pass over the engineering gates we have set in place. We could easily do the same with software.
Requiring at least some sort of quality gates on software would not be bad for you as a programmer. Quite the contrary: it would hand you power over your incompetent beancounter boss.
I think the problem I see with your argument is that people simply do not value reliable and secure consumer software as much as they'd value reliable and secure airplanes.
Of course, software that is in charge of things where people value security a lot, such as the software in airplanes, is much more scrutinized and adheres to better standards. This is the case precisely because when it goes bad people die in ways that attract a lot of attention.
You can't enforce those same policies on most consumer software because people consume it the same way they do food. You can have Michelin starred restaurants with the best practices but most people can't afford to eat there so instead they will buy hot dogs on the street.
The idea of "high quality hand crafted artisinal software" is closer to luxury products than it is to the engineering of planes, trains and bridges.
> You can't enforce those same policies on most consumer software because people consume it the same way they do food.
The government can. GDPR was an attempt in that direction, it wasn't enough of a hint to software developers, that's how we got the Cyber Resilience Act that's beginning to take first effects in a few months.
> Whose engineers developed MCAS? Were any of them held liable? Are any in prison?
Given that Boeing had been granted wide leeway to audit itself and write its own standards... the engineers couldn't be held liable and the corrupt US government dropped the corporate case [1].
> If you’re not going to take responsibility for your bugs I don’t want to work with you.
Depends on what "taking responsibility" means.
> Don’t make other people QA your work; if you’re not able to figure out how to do that yourself while you work you’re legitimately bad at your job.
At a distance I agree with this, but closer to the details, eh... Having worked with excellent QA and QE people, they just think differently than I and other programmers I've worked with do, in a useful way, so I think it's a shame (even if understandable) how such roles have been killed industry wide for over a decade. "Hybrid" doesn't really cut it. But yes, I get pissed when a code review comes my way and the author clearly didn't bother to even run their own code because when I notice something wrong and try it, lo and behold it doesn't work. I imagine some even less competent places throw over reviews (or just push straight to master) that don't even compile. I won't get into basic automated testing. I believe programmers should have a professional ethos to learn new things to make themselves better at their craft, with or without management support or even paid company time for it, this includes ways to think about better achieving quality goals.
> Once you leave an employer obviously you have no obligation to fix bugs in IP you don’t own or anything.
This is the crux of the issue: the employer always owns the code, not the individual, and so to me it's the employer's job to be responsible for any defects. A sensible employer probably recognizes that often the author of the code is the best one to fix it -- but this is also part of why it's so important to have code reviews, because then in theory you have at least two people who are somewhat familiar with the code. At the same time, coding, like everything else, is subject to stochastic quality issues. Employees work within a system, many issues are caused by the system, and only management can change the system. Take some lessons from Deming's red bead experiment: https://www.youtube.com/watch?v=7pXu0qxtWPg (Write-up: https://web.archive.org/web/20251212234933/https://maaw.info...)
Ok. So QA finds a bug. Who’s responsible for fixing it? The only value of QA is to try to make sure you become aware of issues before customers find them
It's not cute, it's a sensible way to build greater understanding by learning from mistakes. The thing is, it has to be engrained in the culture and that also means it may need to take priority over other work. Responsibility doesn't need to mean you have to write the code, just see it through.
It's even worse when you don't work at a tech. Even the simplest of Excel formulae, power automate flows simply go abandoned once the creator moves on, or maybe a very expensive consultant is onboard to maintain what amounts to a handful of lines of code. It's embarrassing how little initiative the average information worker has when it comes to stuff like this.
It's ultimately Google's responsibility to ship bug free products. I don't care who implements a fix, but Google management should make sure someone fixes it.
And this attitude is why we have the software we have in 2026. The profession used to recognize value beyond next quarter’s dividend (jk, we only do stock buybacks now for tax reasons).
Because big tech companies are oligopolies, and there isn't enough competition in the market. If you're dissatisfied with the 2 choices out there, you cannot vote with your wallet.
Definitely. The front line support agents handle only the most basic requests. Anything even remotely complicated, such as this, would be internally kicked around until they found someone familiar with the project to give input. Which most likely is someone who worked on the original implementation.
In 2026 things have changed, there's literally whatever tens of thousands of "security" reports that are almost all bogus as a raging crap river.
I think theres very little chance this particular report made it to any engineer who works on product at all, because if they did they would be completely overwhelmed by reports, the filter which has to handle the many thousands of reports based on a playbook almost definitely filtered it out before it made it that far.
This is a fairly nuanced/involved issue, so the task of classifying the bug likely made it's way to one of the engineers responsible for the implementation of this feature.
That engineer has already launched this project, and filed it away under their GRAD (performance) artifacts for when promo/annual review talks roll around. There's no motivation for this engineer to waste time fixing this bug because it won't benefit their promo packet, and they are already being put under pressure to launch other projects which _will_ benefit their promo packet.
So they do what they can to sweep it under the rug because that's what the promo/annual review framework (GRAD) incentivizes and rewards.