← Back to context

Comment by fao_

8 hours ago

Yeah! It's not like code quality matters in terms of negative value or lives lost, right?!

https://en.wikipedia.org/wiki/Horizon_IT_scandal

Furthermore,

> As for the artifact that Tan was building with such frenetic energy, I was broadly ignoring it. Polish software engineer Gregorein, however, took it apart, and the results are at once predictable, hilarious and instructive: A single load of Tan’s "newsletter-blog-thingy" included multiple test harnesses (!), the Hello World Rails app (?!), a stowaway text editor, and then eight different variants of the same logo — one of which with zero bytes.

Do you think any of the... /things/ bundled in this software increased the surface area that attacks could be leveraged against?

7 comments

fao_

Reply
SvenL  7 hours ago

I also struggle with this all the time, balance between bringing value/joy and level of craft. Most human written stuff might look really ugly or was written in a weird way but as long as it’s useful it’s ok.

What I don’t like here is the bragging about the LoC. He’s not bragging about the value it could provide. Yes people also write shitty code but they don’t brag about it - most of the time they are even ashamed.

lotsofpulp  7 hours ago

The Horizon IT scandal was not caused by poor code quality, the scandal was the corrupt employees of the UK government/Post Office. Poor quality code might have caused the error, but the failure to investigate the errors and sweep them under the rug was made by humans.

  • fao_  6 hours ago

    > Poor quality code might have caused the error, but the failure to investigate the errors and sweep them under the rug was made by humans.

    That's not quite correct.

    The root set of errors were made by the accounting software. The branch sets of errors were made by humans taking Horizon IT's word for it that there was no fault in the code, and instead blaming the workers for the differences in the balance sheets.

    If there were no errors in the accounting software (i.e. it had been properly designed and tested), then none of that would have happened.

    Nobody blames THERAC-25 on the human operator.

    • rcxdude  5 hours ago

      It was worse than that. Higher ups in the post office knew the system was buggy and still doubled down on it. Yes, if the accounting software wasn't terrible the whole issue would not have happened, but there were so, so, many chances for the post office to do the right thing afterwards that it's not at all fair to blame the results on the poor quality software, which very notably did not prosecute thousands of people for fraud while telling each of them they were the only ones being flagged by the system.

      (THERAC-25 was a little more towards 'just bad software', but there were still systemic failures there as well).

8note  7 hours ago

> included multiple test harnesses (!)

ive seen plenty of real code written by real people with multiple test harnesses and multiple mocking libraries.

its still kinda irrelevant to whether the code does anything useful; only a descriptor of the funding model

  • flir  6 hours ago

    If I'm reading this correctly ("a single homepage load of http://garryslist.org downloads 6.42 MB across 169 requests"), the test harnesses were being downloaded by end users. They weren't being installed as devDependencies.