Safety features should work if everything else fails. Their failure mode can’t be “fuck it, it didn’t work”. Which is directly opposite to the failure mode of a subscription based service.
This is why:
The FTC needs to do its job and start outlawing all these obscene subscription business models for things that are rightfully products, not services. Where’s my goddamned First Sale Doctrine, FTC?!
Software Engineers working on commercial products need to be professionally licensed, so that proper consequences can be applied for unethical “fail-deadly” designs like this one.
As a software engineer, the thought of my code being responsible for someone’s safety is fucking terrifying. Thankfully I’m not in that kind of position.
From experience though, I can tell you that most of the reasons software is shitty is because of middle or upper management, either forcing idiotic business requirements (like a subscription where it doesn’t fucking belong!) or just not allocating time to button things up. I can guarantee that every engineer that worked on that thing hated it and thought it was fucking stupid.
Licensing would be overkill for most software as it’s not usually life and death. I think in this case since it’s safety equipment it really should have been rejected by NHTSA before it ever hit stores.
As a software engineer who was also a civil engineer-in-training before switching careers, I think one of the big overlooked benefits of being licensed is that it would give engineers leverage to push back on unethical demands by management.
manager@evil.corp
Dear manager, please clarify the specifications for the product. From the discussions in the last design meeting I felt the specifications to potentially be ambiguous about their compliance with critical safety regulation. Please reply with the clarified specifications.
Management can always just fire the engineering team and hire one overseas. It’s not like it’s even that difficult to do.
I don’t think you understand what being licensed means. It means the state requires that people doing that job hold a license. Offshoring would become illegal.
I just don’t see how it would help. It would require legally defining what is or isn’t an unethical or unsafe software product, in which case why wouldn’t you just… regulate the product.
That’s easy with civil engineering: did the thing collapse and kill people? You dun fucked up. But bridges and buildings and tunnels don’t have EULAs with liability disclaimers.
Anyone who paid for this piece of shit vest almost certainly had to accept some sort of license agreement that disclaims any liability on behalf of the manufacturer. It’s a safety supplement meant to reduce the risk of a fatal injury, not prevent them altogether.
You’d also end up with a situation where an overseas team develops the software and you just have a licensed engineer on retainer to rubber-stamp it. It’d probably kill what little domestic software development we have left, because however much time and money it costs to get licensed will jack up the salary requirements of everyone who gets licensed.
It would also mean heavy restrictions on the import of any software, which pretty much fucks… everyone. It’d likely kill the Internet or make it even shittier, because you could only visit websites developed by a licensed engineer. Every website visit requires the downloading of software: the JavaScript frontend.
It would also effectively kill open-source, because the legal liability would override the warranty disclaimer in every single open source license. Why would you put something out into the world for free if all it would do is open you up to litigation?
Could a well written law take this all into account? Certainly. Would you realistically expect it to, though? I don’t think so.
This is management’s fault, not the engineers’ fault.
We have to implement the requirements we are given. If we don’t, we get fired and they hire someone else who will do it.
If we were licensed, any replacement would be similarly ethically bound to refuse and that tactic wouldn’t work.
Who’s doing the licensing, and do they share my ethics?
My dad worked for AAA. Once he got a call because a lady’s car errored out and thought she didn’t have her seatbelt buckled mid-drive, so it shut the engine off. On the freeway.
Even without a subscription, failsafes should always fail safe.
Thorium reactors have a cleverly dumb failsafe. If reactor control fails, there’s a plug that melts and drains the contents into a container that’s not fit for runoff neutron generation.
That’s an example of a failsafe that fits its purpose. It’s still possible to fuck it up, but it would take a lot of effort to do so.
Pop verification neck to continue.
If there’s a bug in your car’s airbag, you’re also fucked.
The problem is the subscription, not how it was implemented.
Yes, but also from an implementation perspective: if I’m making code that might kill somebody if it fails, I want it to be as deterministic and simple as possible. Under no circumstances do I want it:
checking an external authentication service.
connected to the internet in any way.
having multiple services which interact over an API. Hell, even FFIs would be in the “only if I have to” bucket.
If the customer is dead, they definitely can’t renew.
Who wouldn’t tout your service if it saved them?
But also… why the fuck does this require a sub?
Because “fuck you, we’re rent-seeking and you can’t do anything about it,” that’s why.
The argument the company makes is that it allows them to sell the device for cheaper upfront, which means that more people can afford to have one. They sell them for $400. But also fuck them, nobody ever died from HP disabling printers.
Also, if they genuinely wanted to make it more affordable up front in order to get the safety device in more hands, they could charge a chunk initially and then a regular payment plan for so many months. Not paying in perpetuity or we disable it.
It checks the service when booting up before a ride. After that it doesn’t connect to the internet. If you’ve gone past your grace period of 60 days, it won’t boot up at all, and it will alert you that the device isn’t active.
Don’t get me wrong, I hate the idea of the subscription but it’s important to have accurate information. Did you even read the product page?
That information changes none of my issues; if you don’t see the plethora of potential implementation bugs involved, either you don’t code professionally or you shouldn’t be.
I code professionally; specifically, I develop very resilient medical software. From a software perspective, as long as the developers are competent I have no issues with the device. There are so many other things you could take issue with when it comes to the vest, but I’m telling you software just isn’t one of them.
I’m sure the developers are competent, but the reason I care about the design decisions is the same reason the electric brakes on cars don’t interface with their infotainment system; the interface inherently creates opportunities for out-of-spec behaviour, and even if the introduced risk is tiny, the consequence is so bad that it’s worth avoiding.
If you have to have an airbag be controlled by software (ideally the mechanism is physical, like a pull tab), it should be an isolated real-time device with monitoring your accelerometer and triggering the airbag being its only jobs. If it’s also waiting to hear back from another device about whether your subscription ran out before it starts checking, the risk of failure also has to consider that triggering device.
It can be done perfectly, but it’s software so of course it has bugs.
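To make the two design arguments in this thread concrete (the "no external dependency in the safety path" list and the "isolated real-time trigger" comment just above), here is an added example in C. It is not code from the thread, from the vest's vendor, or from any real firmware: the 8 g threshold, the 3-sample debounce and the accelerometer streams are constructed for illustration, and only the 60-day grace period comes from the thread. Design A gates arming on the boot-time entitlement check, so any failure of that check (expired, no network, timeout, a client bug) maps to "not armed"; design B keeps the trigger loop free of external input and lets the check control only non-safety extras.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative constants (constructed for this example, not a vendor spec) */
#define G_SQ(g)          ((g) * (g))
#define TRIGGER_G_SQ     G_SQ(8.0f)   /* fire above 8 g (squared, avoids sqrt) */
#define TRIGGER_SAMPLES  3            /* ... sustained for 3 consecutive samples */
#define GRACE_DAYS       60           /* grace period quoted in the thread */

typedef struct { float x, y, z; } accel_t;

/* Outcome of the boot-time entitlement (subscription) check. UNKNOWN covers
 * everything that is not a clear answer: no network, timeout, bad response,
 * a bug in the client code. */
typedef enum { ENT_ACTIVE, ENT_EXPIRED, ENT_UNKNOWN } entitlement_t;

/* --- The safety path: deterministic, no I/O, no external calls ------------ */
typedef struct { int above; bool fired; } trigger_state_t;

/* Feed one accelerometer sample; latches 'fired' once the squared magnitude
 * exceeds the threshold for TRIGGER_SAMPLES consecutive samples. */
bool trigger_step(trigger_state_t *s, accel_t a)
{
    float mag_sq = a.x * a.x + a.y * a.y + a.z * a.z;
    if (mag_sq > TRIGGER_G_SQ) {
        if (++s->above >= TRIGGER_SAMPLES)
            s->fired = true;
    } else {
        s->above = 0;   /* a lone spike does not count */
    }
    return s->fired;
}

/* --- Design A, fail-deadly: the safety path is gated on the check --------- */
/* Arms only when the check says ACTIVE, or when it is UNKNOWN but the last
 * good answer is within the grace window. EXPIRED, or UNKNOWN past the
 * window, leaves the vest dark. Any bug in the check path ends up here as
 * "not armed". */
bool fail_deadly_arm(entitlement_t e, int days_since_last_ok)
{
    if (e == ENT_ACTIVE)
        return true;
    if (e == ENT_UNKNOWN && days_since_last_ok <= GRACE_DAYS)
        return true;
    return false;
}

/* --- Design B, fail-safe: the check only touches non-safety features ------ */
typedef struct { bool armed; bool extras_enabled; } device_mode_t;

device_mode_t fail_safe_boot(entitlement_t e, int days_since_last_ok)
{
    device_mode_t m;
    m.armed = true;   /* unconditional: no external input reaches this line */
    m.extras_enabled = (e == ENT_ACTIVE) ||
                       (e == ENT_UNKNOWN && days_since_last_ok <= GRACE_DAYS);
    return m;
}

/* Run a sample stream through the trigger. Deployment needs the trigger AND
 * an armed device, so an un-armed device can detect the crash and still do
 * nothing, which is exactly the failure the thread is complaining about. */
bool ride(const accel_t *samples, int n, bool armed)
{
    trigger_state_t st = { 0, false };
    for (int i = 0; i < n; i++)
        trigger_step(&st, samples[i]);
    return armed && st.fired;
}

/* Constructed streams: a cruise at roughly 1 g, and a ride with one 9 g
 * bump (ignored) followed by a 10-12 g impact held for three samples. */
bool cruise_deploys(bool armed)
{
    const accel_t s[] = { {0, 0, 1.0f}, {0.1f, 0, 1.0f}, {0, 0.2f, 0.9f}, {0, 0, 1.0f} };
    return ride(s, 4, armed);
}

bool crash_deploys(bool armed)
{
    const accel_t s[] = { {0, 0, 1.0f}, {0, 0, 9.0f}, {0, 0, 1.0f},
                          {12.0f, 0, 0}, {11.0f, 2.0f, 0}, {10.0f, 3.0f, 1.0f}, {9.0f, 0, 0} };
    return ride(s, 7, armed);
}

int main(void)
{
    /* Same rider, same crash; the check failed 90 days after the last good answer */
    bool a = crash_deploys(fail_deadly_arm(ENT_UNKNOWN, 90));
    bool b = crash_deploys(fail_safe_boot(ENT_UNKNOWN, 90).armed);
    printf("fail-deadly design deploys: %s\n", a ? "yes" : "NO");
    printf("fail-safe design deploys:   %s\n", b ? "yes" : "NO");
    return 0;
}
```

The point of the split is that `trigger_step` and `ride` have no path by which the entitlement result, or a bug in obtaining it, can reach them; the only thing a broken check can cost the rider in design B is the extras flag. Whether a real vest wires it up that way is a question for its vendor, not something this sketch can answer.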