Why isn't the idea that software quality starts way before you write any line of code the predominant mindset amongst engineers / the industry?
I have the feeling that most companies don't hold discussions about what software quality means and how it should be measured.
To which extent do you agree or disagree with this feeling?
That means that the number one consideration for the software is profitability. For internal-only software, this means that cost is the prime consideration.
In support of that, often software startups are trying to capture a winner-takes-all market, so time-to-market is critical.
Thirdly, consumer protection law is weak in the US, and product liability is almost nonexistant for software everywhere. The cost of failure is very low even if you leak all your customers' data or your product ceases to work after 18 months because you've "pivoted".
Fourthly, a lot of software is ""free"" or ad-funded. This further weakens the cost of failure.
There are techniques for delivering extremely high quality software. Few sectors of the industry care about them because it's not required and is unprofitable, but the aerospace people can usually get it right and the security people can usually get it right (when dealing with security products, not general purpose junk like Flash).
The automotive industry is kind of on a boundary. The Toyota "unintended acceleration" bug revealed some tremendously poor quality software. This is one of the main worries about self-driving cars: how minimal is the quality assurance going to be?
Dan Ariely (author of the book Predictably Irrational) called allowing free apps on AppStores to be a mistake made by the industry. The customers have now gotten used to free apps, making it harder for the industry/developers to offer better quality.
I don't agree with the idea that free apps are inherently bad - that would rule out Open Source / Free Software, and it would also put the boundary vs "free" web pages in a strange place.
"Free"+adsupported and "Free"+IAPs have certainly produced some strange and terrible incentives though. As has the incredibly bad discovery process on app stores.
Having worked for an AV vendor, I assure you that is not the case. Just check Project Zero[1], most of them do parsing of complex binary formats in kernel mode, 'nuff said.
This is just one example, but all major vendors have had issues:
[1]https://googleprojectzero.blogspot.ro/2016/06/how-to-comprom...
-----------------
OTOH, there are a few individuals who show a great deal of care about software correctness. Daniel Bernstein comes to mind, but many other people are offering big bounties for their personal projects, and have a track record of delivering correct software. But even in cases such as these, there are probably some hidden bugs in there, because of the inherent complexity. Nobody has the time to verify the fine interactions between the compiler, OS, libraries etc.
At the end of the day, if you want higher quality software, you have to incentivize it, as others have mentioned.
Reading along with HN for a few years now is making me more terminology-oriented in areas of coding and capitalism, two of the major themes.
So to me it's only software if it's intended for sale (or profitable distribution), otherwise it's just computer programs.
Same with hardware, if it's not built for profit then it's not wares, just equipment.
Nothing wrong with building in quality for profit, but you may not be able to compete with low-quality-focused operators, especially ones which are strongly established.
First, to extend what you said about startups, you generally aren't totally sure that the market is really there. If it turns out that nobody cares about what you're building, it doesn't matter what quality you built it with. Therefore, as long as it's cheaper to build it with lower quality, startups are rational to build it with little concern for quality.
Second, Toyota: I'm not going to be any kind of apologist for Toyota's horrible software. From what I read about the situation, the way it was written was appalling. And they rightly got a lot of heat over it. (Arguably, they should have gotten more.)
But I wonder if the quality bar isn't being set too high in this situation. If Toyota didn't implement things in software, they would have had to implement it in hardware (either mechanical or electrical). That hardware would have some failure modes and failure rate. If the software has a lower failure rate than the hardware, that's progress, even if the software has a higher failure rate than it should have.
Our discussion of the Toyota flaws is colored by the fatalities. Still, hardware flaws can kill people, too...
I'm not sure being ad-funded weakens the cost of failure. Losing users or having down time impacts revenue immediately if you're ad-funded.
Did Toyota ever recall the affected ETCs?
Are you refererring to adherence to standards like Misra and DO-178B or something else?
The Chinook fiasco is, like most quality issues, really a project management fiasco. The decision to do special software rather than get Boeing to do it, then a series of oversight failures on known problems.
> In support of that, often software startups are trying to capture a winner-takes-all market, so time-to-market is critical.
I think we software engineers should embrace this reality, and learn to live with it. Your employer is willing to spend years to develop top-notch quality software? Great, you can employ all the software engineering best practices. That's not the case? Well, we should have a standard approach for gracefully handling strong time constraints without completely giving up on quality.
One way this unhappiness with our lot is expressed is Technical Debt. For me this just cognitive dissonance on the developers part trying to reconcile / justify why the codebase is a mess and why all those shortcuts were taken to get the thing shipped. If you want to pursue your craft and deliver a result you would be proud of then probably commercial software companies are not for you.
Well all might be great writers at heart but if all the employers want is a pool of people to write pulp fiction and romance novels the sooner we get over it the better.
Of course one solution to this identity crisis is sort of mapped out with Erik Dietrich's Developer Hegemony, https://leanpub.com/developerhegemony but it might take a while to get there.
Often these new features were not accounted for in the original design and in order to fit them into the system in a nice and clean manner, a large rewrite of certain modules and/or database tables is required. Due to time constraints and developer fatigue this is not possible and the mindset of "Just get it done" sinks in. This is no one's fault just a harsh reality of writing software where timelines and profits are a factor.
No one wants to be the guy that hard coded several edge cases into an otherwise clean module but it happens and it happens often as "Just get it done" takes hold. I think a good developer just accepts this, and makes sure to do a good job commenting their code. This especially happens during customer acceptance testing. Customer brings up a feature that they never mentioned before, they want it now. Management and/or your bank account says just give it to them. You hard code it in.
The circle of life
I can abstract out some feature into a handful of classes, and then use that in one place in my code. Was it useful? Probably not. Now I use it in 20 places. Was it useful? Almost certainly. But if I don't have multiple places to use the abstraction, it probably isn't worth developing today.
Last minute changes and exceptions to the rule made that impossible with the given deadline. You are absolutely correct in that the end result is completely fine and the world keeps spinning.
There are no real world consequences aside from needing to remember that there are hard coded exceptions in the code. Its just the hunt for the elusive "perfect execution and design."
When developers talk about "quality," they mean tech debt. Addressing tech debt is problematic for businesses because it's something that never ends. You allocate one month for tech debt and the devs will ask for two. Allocate two and they will ask for three. There is no agreed-upon standard at which devs will stop and say, "Now our code is clean."
Add to this the fact that there are many developers who just always seem to have an agenda about the code they're working on. They never work a project except they're dying to add some pattern or change some aspect of the code, even if it's something that they used to favor a year ago.
A common thing that new hire developers do is call for "a complete rewrite", they do this because when they first approach a large old code base, its daunting and seems impenetrable. Of course they are right, but naive in thinking a "rewrite" will help. Any new rewrite will eventually just grow to be just as impenetrable once all features and edge-cases are accounted for.
Fundamentally, any software product is trying to model some aspect of the real world...and the real world is messy, very messy. Governments pass laws that contradict each other, some laws change drastically state by state, employees try new and novel ways to embezzle, different languages and units of measure exist, changing prices for commodities can suddenly cause complete upheavals in manufacturing process, etc. All this must try to be accounted for and its nearly an impossible task.
The bugs that persist are almost never "I click Button A and it does the wrong thing", but almost always "In case that Situation A + B + C all simultaneously exist, the result as interpreted by Agency X is not optimal". Obvious and real bugs get squashed pretty quickly, but those complex situational bugs can linger for a long time. As a manager, you sometimes just need to shrug, because the effort required to fix each and everyone of these would produce little to no tangible business value. Moreover, an environmental change could come along to render your "fix" invalid anyways.
Sometimes even during design discussions we are completely aware we are creating "a bug", but the decision is made that the amount of people that want both Feature A and where Situation B exist will produce relatively little overlap. Most often we just design a manual workaround, instead of trying to completely eliminate the bug.
I'm always refreshed and excited by dealing with young devs, particularly for their zeal to fix problems, simplify things, and generally improve the product. Yet, I do feel a bit of sadness in that I know reality is going to temper their enthusiasm after a decade or so. Reality is a very hard thing to model with any semblance of being "bug-free".
But one of the benefits of a rewrite is that you can dump all the features and edge-cases that are no longer required. Or fold old edge-cases into new generalities because the business has changed since then.
> the real world is messy, very messy.
Cannot disagree -but- it's nowhere near as messy as the people (often those who are to blame) defending the byzantine software stacks using that argument.
> reality is going to temper their enthusiasm after a decade or so.
I've been doing this professionally for two decades and my enthusiasm for "chuck it away and do it right" hasn't waned one bit.
You will probably appreciate this little piece of anecdata, last July there was an update change in some fiscal Laws in Italy, so that a number of firms had to make a certain payment of taxes within the 31st of July, BUT the change was communicated/published almost "last minute" (as often happens) and a software house had to update their accounting program in a very strict time. The payment code (on the government side) was the same of another payment (already known to be due on the 31/07/2017) so the programmers, in order to distinguish the two payments "anticipated" (virtually) the date on the database, so that two payments were resulting, one on the 30th and one on 31st.
This (intentionally) "queer" behaviour was not explained (or not explained well enough) to the users.
Most users "trusted" the program and everything went well for them, those that noticed the anomaly managed to "force" both payments on the same date, and this resulted in a "single" payment (instead of the two separate ones required), thus messing up the whole thing.
So in regards to your question, it would seem that the market reality is that a lot of the time, it is better for a company to have a quickly-cobbled-together piece of software that mostly does what the customers want (and maybe get to the market first) even if it is low-quality, than it is to have a piece of high-quality software that does less, or is finished later, but is maintainable, and potentially scalable in the future (which you'll never get to enjoy because the worse-is-better people already conquered the market).
The state of the software is currently much worse in my opinion.
Quality is not easily quantified while the price is. Metrics at the customer end are hard to collect (it requires software development too, raising the costs), and in the current state of the art, it also requires having customer support staff too which is still costlier. As a result, quality does not even gets quantified properly. A natural result of which is quality reducing below what would customers desire.
This isn't much different than where quality of MP3 players, laptops and smartphones was headed. Perhaps quality then was being measured just by percentage of customer returns, not by customer satisfaction. Steve Jobs then changed the game. Apple's products would just "feel right" to the customers. Apple iPod took over the market even after being much costlier. It then took a couple years for the rest of the laptop/smartphone manufacturers to catch up.
"Feel right" is definitely a kind of quality that software can compete on. I'd probably put Chrome in this category (relative to other browsers that were around at the time it launched). Sublime Text, maybe. Blizzard games (especially those of a certain era).
Note, though, that this quality is principally about doing what the users want and being pleasant to use while doing so.
It's something that you can definitely focus on deliberately in your work and projects, but I'd argue that a lot of the current mantras that get recited when software quality comes up (test coverage, continuous delivery, maybe even code reviews) are not especially helpful for achieving this kind of user-perceived quality. Maybe even a distraction, in some cases. Getting your code in front of users and listening to feedback can help, certainly. But having a strong, clear, vision of what you're trying to build in the first place might be even more important. And I don't think that's something that's achieved with tools and processes.
Theoretically, you could write software by just having an incredibly long list of test cases and a random string generator.
The quality of that code would probably be terrible, but it would still work as long as your test cases are restrictive enough.
If you have mistaken issues of style for issues of quality, than that might seem to be the case. True quality in software is measurable primarily in the defect rate, and secondarily in the amount of effort needed to enhance it.
> Theoretically, you could write software by just having an incredibly long list of test cases and a random string generator.
Putting aside the time and concurrency issues, the quality would be determined by the correctness and thoroughness of your test cases.
Unfortunately, you learn that some time after you write the poor-quality code...
Software is not made by grownups. And for the most part the development is not managed by grownups. The problem is that so many can get away with childish behaviour.
I'm unconvinced by this argument. Maybe compliance with "best practices" would improve a bit, but I see very little evidence that the results would be good for the average user.
I'm pretty certain, for example, Rich Hickey was having fun at least some of the time when building Clojure -- his belief in it is palpable whenever I've seen one of his talks -- yet it's an incredibly well-thought-out, solid piece of software.
Lots of classic games were passion projects of an individual or a very small and close-knit team. Whether that's "quality" I guess depends on perspective. For me, a lot of classic games very definitely were, though (and a bug or two doesn't necessarily detract from the overall experience).
Basically it comes down to management that is willing and able to tell a client no, or convince the client to budget to do things right, and not management like my current company, which has in the past threatened to disallow even unit test writing and code review as slowing the process down too much.
"Code quality is time and money you're saving your future self" is an argument that only makes sense to people who write code, apparently, until you actually lose a client to avoidable problems.
Up to a point, as soon as you start losing market share to competitors because your customer complains your application crashes every other day. Suddenly, the focus switch back to quality. (Until the next cycle).
What is frustrating as engineer is to release something you know you'll have to fix in 6 months after a customer's complaint. But maybe from a sales point of view that was the right decision.
Quality and security become increasingly important as we depend even more on software systems for essential functions such as cars, power grid management, agriculture, etc. Unfortunately, this situation is all too similar to how many opt for the emergency room over preventative care.
We should also consider that many businesses wouldn't exist if not for lax quality requirements for software products. How many product V1s are chock full of bugs and exploits, and to what extent is that okay? What about open source? As usual, it's pretty complicated.
Sadly, things sometimes get rushed out the door and it's not until some time has passed that they realise the enormous tech debt they've incurred.
* Defect rate (does it do what it's meant to do?)
* Does it do what the user wants? (not always the same as the above...)
* Is it pleasant and efficient to use (definitely not the same as either of the above).
* Is it developed in a way the management are comfortable with? (which often seems to lean towards sufficiently "under control", replaceable developers).
How do you balance these? The answer will be quite different depending on whether you're landing on Mars or writing a free-to-play game.
This is also a large factor in why software projects tend to overrun both in terms of time and budget (the other large factor is bad project management).
Your feeling about the magnitude of the issue (most companies) is wrong. Programmers discuss CQ principles among themselves. However, the discussion becomes more challenging with management.
Management is responsible for accomplishing business objectives. Development and testing timeframes are at odds with business objectives. Adopting CQ delays product. If you're going to delay product, but the product will be beautifully efficient, idiomatic, elegant and possibly a little faster than the first pre-CQ version, you're not going to win an argument in an organizational context where delivery timelines matter.
Time and effort are not a programmer's friend in a task-driven organizational setting. Fortunately, real-time linters tell programmers not only about material errors but present stylistic warnings (such as Python pep8 linters). Further, static analysis tools such as Quantified Code [1] conduct an in-depth analysis of code and suggest stylistic improvements. I suspect that this is an area where machine learning will advance Code Quality further. Maybe, just as there are language servers, there will be code quality servers.
It is worth noting that the QuantifiedCode entity shuttered in the Summer of 2017. It's not clear why the company closed-- did they fail to monetize automated code review? Were they acquired?
In conclusion, the more you can automate code quality-related improvements, the more likely you can promote your Code Quality ideals.
In fact these days, people kinda know what they want, but really only understand what they want when they have something in front of them. I'd go so far as to suggest you can over-engineer a solution too easily and then spend a lot of time refactoring it. YMMV
That's what my CS 101 professor told us our fist day at the university. Heresy! you might think. But it is true.
Making software is a one-off cost for the customer. Maintenance is recurring income for you.
Custom software is Capex (Capital expenditure: investment). Mainteinance is Opex (operational, aka expenses). All Capex you spend will be in your books for several years (usually 3-5). Opex is fort the year only.
A lot of customers will happily like to pay high mainteinance fees if you can convert those fees to development of new features (in case there is little or no debugging/improvement to do).
Now tell that to any sales team and they'll tell you to hold their beer. The problem is, now they've sold your vaporware and you _reallly_ need to ship it, now. Like, yesterday.
And companies are built to optimise other stuff.
I find that in bigger teams with more complex projects that are sold to the customers it’s not usually an afterthought, they take quality seriously usually, at least relatively. I can understand why it’s an afterthought for a small startup trying to see if they can even get customers but they have to be careful too, if they do get traction then quality should be taken very seriously. I can also understand why it’s an afterthought for some internal tooling, the consequences aren’t severe.
I run a cloud based automated test reporting app called Tesults (https://www.tesults.com) and I’ve worked as a software development engineer in test at large tech and game companies. Based on my experience reporting is definitely an afterthought and this makes testing in general an afterthought sometimes. You need a way to keep on top of failing tests and have some measure of the problems that are being discovered. Especially when it comes to the modern agile style way of working where constant check-ins are made.
Another issue is that a lot of testing now (particularly for performance and automation in general) requires testers to be engineers and in some organizations this still isn’t understood. The manual testers are still required of course for UI/UX testing but there is definitely a shift in this area and in games at least it’s taken a long time to understand that.
There is a misconception that code quality comes in a price of developing time but in my experience I have released much faster the final product when I use unit testing, incremental releases, use code reviews and other techniques that help maintain the code quality high.
By not using these techniques you get faster initial release but a much slower final, bug free, release.
Quality in general has always been an afterthought by many if not most people and companies. Always will be.
Some people are just not quality people. But when they find their way into important corporate positions their "leadership" effectively puts a major obstacle in front of any inherently higher-quality operators or teams underneath, restricting the flow of true available quality towards the clients, customers, and shareholders that could otherwise benefit.
Probably why I named my first company Quality, just like so many other companies in so many fields of operation, because it's not an afterthought to me.
Combined, all us "Quality" oriented companies who try to choose this as a differentiator still make up a small minority and are always under continuous pressure to compromise this most elusive feature, sometimes necessary to compete or even survive in situations where higher quality is not fully valued. More often there is downward pressure when lower quality becomes overvalued, as we see this trend growing in the 21st century.
It's tough for so many people to tell the difference between low and high quality anyway, especially for those where it's not even an afterthought.
They pay lip service to it, sure, but when it comes down to it most don't care enough until it actually starts to affect the bottom line. And longer, more expensive development processes are already affecting the bottom line, so come on, get it out the door!
Plus a lot of engineers see quality considerations as a drag. If they can find a home in a company that doesn't want all this "extra" stuff done then, well, this is what you get.
There are notable counter-examples in companies - Big Blue has a huge focus on quality, and their teams put a lot of effort into it (note I am saying nothing about usability here...) which is possible because a lot of stuff there moves slowly anyway. It's also because IBM are very, very good at measuring their cashflows and costs and have figured out just how much lack of quality can impact their bottom line.
There are also many individual engineers in smaller companies who put quality up front, and try their damnedest to push it through even where the business may not really care.
( * mostly SMEs are terrible for this, IMHO, though one or two large corporates I've worked with haven't been that great either)
Outright unsubsidized failures that never deliver any product to customers are mostly functions of communicative challenges. The opacity of costing for simple speed/space or protocol adherence engineering decisions is easy to underestimate. Business actors will nod and agree to anything that sounds good and give wrong signals. Others wave hands frantically around every buzzword and easy windfall demanding features. Many purchase agents subject to hype have no idea what they are buying and fetishize wasted software LOE. Training is routinely shortchanged for industries with high turnover.
Accept failure and then low quality as the norm. Then seek team members, suppliers, channel partners and customers around new or rekindled software with needs to focus intensively for 2 months and then 24 months. Most enduring software requires stakeholders more than customers. Leave other endeavors up to researchers and understand what capital resources amplify or do not amplify.
When software is created without a profit motive, then it is to coolness of the idea that motivates the creators. Focusing on quality would only slow down the "creative" process.
At almost every company, the primary background motivation is not getting fired. Virtually no one even aspires to great work let alone takes the risk to have a vision.
This is pretty rational. There's just no incentive to risk your neck pushing for quality when you'll just end up working a lot harder for little reward.
I agree with the general sentiment. Things have improved in recent years though, in part on account of movements like software craftsmanship, habits like clean code and also because software is becoming more easily and more rapidly testable due to better testing frameworks.
Testing frameworks are only one part of the equation. As you stated correctly software quality starts at the beginning i.e. with the requirements or rather even earlier when defining your values and expectations for your project and the software you create for it. There's no shortage of tools for this aspect of software quality either. Those are less rigorous though and emphasise communication rather than true / false (test succeeded / failed) outcomes. Communication is a vital component of good software quality but it has a way of becoming an end in itself rather than a means, e.g. in the form of pointless, cargo cult meetings.
Furthermore, in order to accurately measure software development outcomes it is essential to have clearly verifiable acceptance criteria. Defining those can be time-consuming.
Simply put, software quality requires investment, both in terms of time and money. Not investing in software quality means taking on massive technical debt. It's unfortunately still a common practice because often a lack in quality will only come back to bite you after some time. It's relatively easy to temporarily cover up and paper over quality deficiencies by implementing workarounds or simply by putting in extra hours. Those temporary measures aren't sustainable in the long run though. They just lead to more technical and organisational debt. Ultimately that debt can become unmanageable.
Much like in the boiling frog parable that increase in debt happens very gradually so it's often not perceived as a problem until it's (almost) too late.
Apart from that some people might deliberately choose to not care about good software quality. But in my opinion this is often a sign of missing/poor education/experience.
There are two big trade-offs in time alone: missing the chance to be first to market (mongo vs rethink comes to mind, albeit not quite accurate), and the need to get feedback early and often enough to pivot if the idea isn't quite right.
Then the layers of lava come- not enough time to rewrite everything now that the domain is better understood, the prototype becomes the foundation, and cruft builds up.
I have instead the feeling that the matter is endlessly talked about in meetings but noone actually puts in practice the "good intentions" discussed (for the one or the other reason).
If you cannot manage the complexity of the software developed, you increase the risk of creating lower quality software.
But this is certainly not the majority.
:points madly around the room:
1. Creative and intelligent people are forced into an industrialized process of distributed micromanagement (Scrum) which stifles their ability to create a truly wonderful product and instead leaves them feeling lost and producing their worst work.
2. Idiots are running the show.
3. Quality is seen by the above-mentioned idiots as a threat to the deadline, whereas the reality is that low quality spreads like cancer and kills projects before they can deliver unless a series of miracles occur, in which case they deliver over time, over budget, descoped, and full of bugs.
4. Implementing non-functional requirements (i.e. the environment in which features exist) doesn’t visibly demonstrate progress to stakeholders, so this activity is deprioritised in favour of building features so there will be something to demo at the next showcase and the project manager can keep his job. At some point, as developers try to implement non-functional requirements, they’re faced with features that haven’t implemented the non-functional parts and features that have to be rebuilt after the non-functional requirements are implemented. After some time, the developers “come clean” to the project manager about incomplete features when, in fact, those features couldn’t be completed at the time because the environment in which they are supposed to exist barely existed itself.
