Don’t get me wrong, as an agency person I am all for enthusiastic participation in marketing the client’s product, and as a committed testing specialist, I am all for putting my money where my mouth is, but in the following article from The Times, journalist Catherine Philp buys a bulletproof jacket from tailor Miguel Caballero and then allows him to shoot her in the stomach.
Excellent article in today’s Guardian technology supplement by Bruce Schneier, security technologist and author. His hypothesis is that cars are well designed and software is not. This is because car manufacturers face liabilities if they make mistakes but software vendors do not. Further, both the market and the law support the status quo. He writes:
Dateline: London, September 2007
My biggest mistake was to delete the UK master invoice file of the major chemical company I worked for at the time, shortly before going home for the evening. I had been promoted to Database Administrator (DBA) a few weeks before and I was carrying out routine house-keeping activities – or so I thought. It turned out that my recently-departed predecessor had not been naming database objects logically, had not been carrying out routine house-keeping activities and further, the database management system (DBMS) was quite capable of deleting files in use without warning or protest. The result of all this was I went home unaware. Further, the overnight batch file which wrote the days invoices to the master file and then deleted itself wrote the days invoices to null and then deleted itself. When I came in the next day, Accounts Receivable staff had just been told that as well as inputting the day’s invoices, they would have to re-input the previous day’s too, essentially doing two days work in one day and nobody was to go home until it was done. They gave me the cold shoulder, the Finance Director gave me an earful which included the full cost of my error rounded to the nearest five thousand pounds and the IT Director sent two of his people down to give me a kicking on his behalf. The Senior Systems Programmer beat me up himself; he always was a hands-on kind of guy. The previous night’s dump had been restored in my absence but it turned out that transaction logging had never been enabled, so roll-forward until a few minutes before I had accidentally deleted the file was not possible. At the time I did not know that you could run a DBMS without transaction logging enabled. My response of “how about that?” was not appreciated by sysadmin staff at all.