Comment by AnthonyMouse
18 hours ago
> Definitely not the untested code I wrote myself!
Nobody said it was untested.
> How many times have you unwillingly introduced bugs into a code base you didn’t fully understand? That’s basically table stakes for software engineering.
Which applies just the same to the people the company hired to do it, and now we're back to "the people with a stronger incentive to get it right are the people who die if it goes wrong".
I can’t tell if you seriously think a random person writing code in their basement is equivalent to a company that has access to API docs, design specs, actual test hardware, the expertise of a ton of engineers that have worked on the project and understand how it can go wrong, not to mention all the regulations and verifications they’re subject to.
But if you do then wow. That really puts in perspective the kind of people that use Hacker News. I’m gonna be more selective about who I bother replying to going forward.
> I can’t tell if you seriously think a random person writing code in their basement is equivalent to a company that has access to API docs, design specs
Are you saying not having those things is dangerous? They should be required to publish all of that for safety-critical devices then.
> actual test hardware
Why would arbitrary people be unable to buy test hardware? Again something to be addressed if true rather than used as an excuse.
> the expertise of a ton of engineers that have worked on the project and understand how it can go wrong
Do they not have internet access? If they don't even work for the company anymore then that could be the only way to access that information.
Literally something which is happening on the linked Reddit page.
> not to mention all the regulations and verifications they’re subject to.
Regulations are for preventing someone else from harming you. You don't need a government incentive to protect you from yourself, you already come with that incentive.
Tested how? With 100% "unit test" coverage? I can certainly see how a random person on the internet might be highly motivated and actually talented enough to contribute to these sorts of projects. But they don't have the budget and resources that commercial entities have. They don't have the same due diligence requirements. They don't have the same liability. If I use a commercial device unaltered, it's the company's fault if the device fucks up or is defective and causes harm. If I install random internet software on my medical device and it fucks up and causes harm, it's my fault.
I say this as someone who might modify my own medical devices because I'm so fucking jaded over the capitalist march towards enshittification and maximizing profit over human lives. There is simply no way random folks on the internet can test these types of systems to any reliable degree. It requires rigorous testing across hundreds to thousands of test cases. They at best can give you the recipe that works well for them and the few people that have voluntarily tried their version. That doesn't scale and certainly isn't any safer than corporate solutions.
Why do people constantly think something made by some random company is automatically better than something made "DIY"?
I totally understand that, because of liability and some more availability of resources, you would expect a company product to be "safe". BUT: if it is your butt that is going to be on the line, then I bet you: you will be much more careful than a random engineer in some random company. About the resources available in a big company, they are usually more directed to marketing, legal (including lobbying to avoid right to repair) and other areas to maximize revenue, and not exactly in quality.
I worked in 2 different big companies which worked in "mission critical systems" and boy! I can tell you some stories about how unsafe what they do is, and how much money is invested in "cover your ass" instead of making products better/safer.
I thought I explained it, but I'll break it down into smaller words. Medical software doesn't just have to solve one particular user's problems. It has to be generalized to the majority of folk seeking treatment for a particular problem. If one particular CPAP user is able to tweak their settings to work better for their particular lifestyle, it is not generalizable to every CPAP user. A corporation offering a general solution is put under *far* more scrutiny than a random GitHub repo is. A corporation can be sued for releasing a product that kills people, but good luck convincing a court that your family deserves restitution for you installing a random script you found on the internet into your insulin pump.
This has fuck all to do with how much corporations care about people. It has everything to do with liability laws and how victims can get restitution. It has everything to do with the actual risks of installing random internet scripts versus the corporations who have to jump through regulatory hoops. And it's not to say corporations get everything right. They fuck things up constantly. But they fuck things up constantly with oversight and regulation and you want me to believe random internet users will make a better product without it. It's nonsense.
> But they don't have the budget and resources that commercial entities have.
Everyone is standing on the shoulders of giants. You're not going from stone tools to jet engines in a month, but you could fix a bug in one in that time.
> They don't have the same due diligence requirements. They don't have the same liability.
Things that exist to try to mitigate the misalignment of incentives that comes from paying someone else to create something you depend on. Better for the incentives to align to begin with.
Notice also that these things are floors, not ceilings. The company is only required to do the minimum. You can exceed it by as much as you like.
> If I use a commercial device unaltered, it's the company's fault if the device fucks up or is defective and causes harm. If I install random internet software on my medical device and it fucks up and causes harm, it's my fault.
And then if the community version fixes a bug that would have killed you and you stick with the commercial version you can sue them for killing you. Except that you're dead.
> There is simply no way random folks on the internet can test these types of systems to any reliable degree.
Basically the entire population is on the internet, so the set of them includes all the people doing it for a corporation. Are they going to forget how to do their jobs when they go home, or when they or a member of their family gets issued another company's device and they want it to be right?