Tuesday, April 08, 2008

Who will save us from bad software?

No, this is not part of my ongoing battles with Linux (the sound's died again, by the way. Damned if I'm reinstalling...).

What's on my mind here is the more general issue of software quality. More precisely, what's going to be the impact of crap software on the world at large?

My washing machine is a case in point. Unlike the old world of washing machines, where a complex and breakable machine (a timer / controller) ran the wash cycles, the modern machine is computer-controlled. That means its functions are controlled by software.

And that means the behaviour of the machine is at the mercy of the brain that conceived the software. In this particular case, whenever something like balance upsets the washer, instead of going into a "hold" state and simply resuming its cycle when you re-balance it (like the old electro-mechanical timer would have done), the software designer has decided the machine should revert to the beginning of the cycle in which it unbalanced. If it unbalances at the end of a rinse cycle, it returns to the beginning of the rinse cycle - unless I or my wife runs over to the machine and resets its timer to a more appropriate spot.

But wait, it gets worse: its rinse cycle is actually multiple rinses. So if it unbalances when emptying from "first rinse" to begin "second rinse", it often decides to reset itself - it returns to the beginning of "first rinse" automatically. It's quite capable of spending hours getting half-way through its rinse cycle and returning to the start (which means you can't leave it home alone).

The result of bad software in the washing machine is a machine that is a relentless waster of water and electricity, and which needs constant supervision - neither of which would or should be the intention of the designer.

Since software is increasingly at the basis of everyday life, software quality is important.

Last week, I was at a press lunch hosted by Websense. That company is putting a lot of effort into new technologies designed to protect companies against the damage caused by botnets, trojans, drive-by Websites planting malicious code in browsers, and so on.

All of this is laudable and important - but like the water-wasting washer, the dangerous Web application has its roots in bad software: insecure operating systems, very poorly coded Web applications built in a rush and hyped to the max, and software that's simply a dangerous idea in the first place (why, oh why, do people think it's a good idea to host your desktop search and office applications out in Google?).

Websense was quite happy to agree that bad software is the starting point of bad security. Happily for that company, there's no immediate prospect of thing improving...

No comments: