Really? A lot of software is heavily inspected. I'm working on a project that will be PCI compliant at the highest service provider level. Quality is very important. Every line will be inspected by another developer and automated tools before it even gets anywhere near QA, let alone production.
Third party outside your company folks? That's pretty rare and impressive actually. Good to hear.
I also just went through a PCI audit. It'll be the only reason the developers have to rewrite stuff to run on a more modern OS in our case.
Trying to apply what works in the construction world to the software world absolutely does not work - and that's what was originally attempted. It's a different problem.
Okay, reading further, you seem to hit on it: stuff is getting too complex. Why should that trend be allowed to continue?
There will never be perfect software and developers will always make mistakes. Expecting otherwise is absolutely ridiculous. Sys Admins make plenty of mistakes themselves and continue to make the same ones.
Actually sysadmin mistakes can usually be lowered significantly by utilizing techniques similar to aviation. Checklists, sign-offs by more experienced sysadmins who've been listed as instructors via formalized processes, etc. Of course those highly experienced folks often demand higher salaries and "leave to go fly for the airlines" from smaller companies, but a good Ops manual is worth its weight in gold in sysadmin work. Written procedures and management who'll back up anti-cowboy sysadmin techniques with real teeth (firing) help a lot too.
If you log into a production system to make a change without it written on paper during anything other than an outage, you're gone. It works.
We're not quite there yet at my new employer, but the VP of Engineering I've known for over a decade hunted me down to get it done.
The No-SQL movement is most *CERTAINLY* not a backlash against object orientation or abstraction. It's a step further in the OO direction, being able to store objects and manage them easily instead of having to translate to a relational schema that doesn't represent the business objects at all.
No no, I meant it was a backlash against abstraction. Not against OO.
Too many devs are tired of the bugs of the RDBMS biting them in the butt. They'd rather they were bitten by their own bugs.
Believe me. I've said the same thing you've been saying and I still say the same thing. I just have some experience on both sides of the battle (as a sys admin bitching about the heavily abstracted code written by developers with no forethought towards what that abstraction is ACTUALLY doing) and as a developer abstracting to have maintainable code.
Hardware is complicated and getting more complicated. Software is getting WAY more complicated with each moment. Proper abstraction helps make things more manageable, not worse.
Software only comes into being from the fingers of a dev. If it's getting more complex, only devs can blame devs, right? Why do their peers allow it? I'm curious. It seems when I troubleshoot and boil down most serious security problems, they always stem from basics like bounds-checking variables. Buffer overflows are rampant. Sandboxes and fancy memory management haven't even made a dent in that problem yet. But were promised as the "fix" for them a decade ago.
Much of the problem comes from inexperienced developers misusing tools.
There's inexperienced pilots too, but we manage to keep most of them from flying aircraft they're not rated to fly.
The sooner the software industry comes up with some kinds of real objective measure of developer skill, and "time in type" limits, the better off we'll all be.
We don't typically hire brand new Architects to build skyscrapers, ya know? They work for years under more experienced engineers and architects.
I think the crux of the problems is rooted in business' inability to pay for the really experienced folks to say "No. That will kill the business in three years. I've seen it."
But the industry at least needs to make more of an effort internally before more PCI, HIPAA, and SAR-OX regulations are slapped on by the outsiders if you're against the regulation model. Wouldn't you agree?