[raggles]

Yep, I'm an Electrical Engineer, and I also write code. I don't like the term Software Engineer, because there is none of the of the regulated safety and quality mechanisms required for software that are normally associated with professional engineering.

[theideaofcoffee]

Same, which is why I bristle at my title containing "engineer" as I don't have a PE. If most software engineers want to legitimately call themselves engineers, the field should be formalized as an engineering discipline, including coursework, certification/licensure and, better yet, apprenticeship-like experiences required for "real" engineers working toward their Professional Engineer license.

Edit: I'd add this goes double when working on safety-critical code, or anything touching protected health data, or payment/financial data. It's just too toxic and valuable to leave to a chance change.

[pxc]

> If most software engineers want to legitimately call themselves engineers, the field should be formalized as an engineering discipline, including coursework, certification/licensure and, better yet, apprenticeship-like experiences required for "real" engineers working toward their Professional Engineer license.

I agree, although in reality it's not chiefly developers themselves who are responsible for quick, lazy approaches, is it? Developers are typically the parties most pained by technical debt. If the discipline of software development is to become software engineering in earnest, there will have to be some pressure all the way up the management chain— pressure strong enough to outweigh software's low cost of iteration. I imagine this is really rare outside of highly regulated industries and very specific applications, and even with a formalized software engineering discipline, many companies will prefer sloppy software development and many competitive markets will 'select for' such companies.

[ethbr1]

> although in reality it's not chiefly developers themselves who are responsible for quick, lazy approaches, is it? Developers are typically the parties most pained by technical debt.

I'd agree with you, except... ooh, a new, shiny, untested language / framework / platform to rewrite the codebase in!

[hello_moto]

Yup, like for example: Rust!

[pxc]

Rust isn't really new or untested, though. I issue with RIIR isn't Rust so much as the act of rewriting, which carries inherent risks.

I think the temptation to rewrite also reflects how messy and unworkable we let codebasee get— sometimes that impulse is more about the pain of working with the existing codebase than anything else.

[ethbr1]

To me, the tragedy of rewriting is the underappreciation of why the gnarliest 5% of the codebase is there.

Occasionally, usually because initial requirements were sorely lacking or changed, you can simplify the system via rewrite.

More often, everyone ends up realizing they didn't actually understand that last 5% of edge cases.

And then you've either replaced the working system with a 95% complete solution (so common in modern software) or you produce a system equally ugly once you handle that last 5%.

[paulddraper]

> I bristle at my title containing "engineer" as I don't have a PE

Lol HN.

Outside of civil/structural disciplines, PE is not required for engineering.

Mechanical, Chemical, Electrical, Nuclear don't require it.

I've literally never met an Aerospace engineer with a PE, and they build planes 'n sht.

---

It's a pure resume padder, like Cisco or AWS certifications.

[randomcarbloke]

America's obsession with professional licensure is so confusing, it's an absurd level of protectionism for a country that claims to love freedom, do you really need a license to cut hair etc?

Some programmers (evident in the replies) even think it should exist for their profession, a very worrying idea.

[theideaofcoffee]

"Nah, those uppity software engineers don't need any additional training. How dare they think they have any right to tell us how to manage this roll-out" says management, "We'll just cowboy this update and wipe out 8.5 million systems. Besides, it's not like they're working on nuclear reactors, yeah? How complex could it be?"

You're just proving my point in that it's a CTO that dismisses the argument in a rather childish way. They would be the one to be told 'no' by the now-professional software engineers when their license and livelihood is on the line while being pressured to do something that goes against their recommendation. Funny how that power dynamic changes when there's something real on the line and not just an inflated title, huh?

Perhaps if those aerospace and software engineers that attempted to blow the whistle at Boeing were successful and were empowered via their license to say enough and stop development on MCAS, there wouldn’t be 300+ dead people because of a software change rammed through by management. The licensure ain’t just window dressing. It has real, actual impact on real human lives. Don’t be so dismissive.

[ffsm8]

He isn't dismissive about the problem, he's dismissive about the proposed solution.

A certificate would not change the status quo at this point.

Software developers/engineers are - for the most part - seen as essentially blue collar workers. Replaceable gears that MBAs can just "scale up" or "down" to fit their currently desired velocity. Let's ignore the fact that this fundamentally isn't true, but it's what they believe.

The work they do is decided by MBAs, and the time they have to implement these changes is heavily influenced by other MBAs.

Adding a certificate to this mix will change literally nothing

[paulddraper]

I'm dismissive of

> I bristle at my title containing "engineer" as I don't have a PE

because it is aggressively ignorant of facts.

I have no comment on the potential utility of a PE requirement, software or otherwise.

[imiric]

A PE license isn't just for certifying a minimum level of technical competence. It also requires aligning with a specific code of ethics, to ensure safety and wellbeing of the public.

If there's anything that the software industry needs most is a code of ethics. Companies are built on software that exploits, tricks and deceives their users. They release borderline malware and get rich doing it, either by having complicit investors or fooling them with false valuations. They cover their asses with dishonest PR, and lobby governments to keep the party going. This happens in the largest tech giants and tiny startups alike. And don't get me started on the gaming industry and their predatory practices.

We often exculpate engineers as being cogs in the machine, but they're ultimately choosing to work in these places, and enable this behavior.

The world would be a much better place if software engineers were required to take and uphold the equivalent of the Hippocratic Oath. We don't expect less from health professionals. Why should we from IT ones when the world is run by software?

[paulddraper]

Software engineering has as much a code of ethics as mechanical engineering.

Maybe there's improvement to be had, but this is not a difference between disciplines.

[imiric]

Huh? Please show me a code of ethics taught in software engineering courses.

If one exists, I would like to see your argument that SWEs are adhering to it, and that the software industry is behaving ethically.

[raggles]

I think this is changing, in my country the equivalent of PE will soon be required for a number of engineering disciplines, not just civil. But that's kind of missing the point, which is that professional engineering is guided by fairly comprehensive standards, such as those from the IEC (or ANSI, IEEE), and compliance with those standards is generally a legal requirement.

[TacticalCoder]

> ... because there is none of the of the regulated safety and quality mechanisms required for software that are normally associated with professional engineering.

And then a lot of "real" engineering now require software anyway: self-driving cars (written in part by people who are hacking together webapps by pulling in thousands of NPM dependencies) comes to mind.

The future is honestly a bit scary looking.

On the bright side things are going to get "interesting". At some point in the past we had many "Uber but for ...". Soon we'll have "Clownstrike but for fridges", "Clownstrike but for cars", etc.

Should be fun.

[threatofrain]

An engineer is just a distinction to separate practitioners from people who develop the actual science that engineers depend on. For example, do American engineers who work on food or cosmetics have safety or quality mechanisms? Food and cosmetics are things applied to the body, and thus have a more direct relationship to biological safety or harm. Using science is not the reason why people should face regulations. Some engineers work on legos. Other engineers work for the armed forces.

The Crowdstrike incident is worth billions and people may have died. If you look to the engineer you won't be able to recover billions. Hospitals must absolutely be on the hook as they are the direct interface to their customers; hospitals in turn can sue Crowdstrike.

An event worth billions must have billions in liability in order to prevent perverse incentives. Otherwise hospitals will just say "well McKinsey said it was a good bet, so what gives?"

[_heimdall]

While I agree based on the quality of software development I've seen over 15 years in the industry, I don't think the hard requirement should be a regulatory structure.

That absolutely can work, and does for plenty of industries, but it also creates the potential for a false sense of security until planes start falling out of the sky.

My frustration, and disappointment, in the software industry has generally been the complete unwillingness at scale for us to take on the responsibility to ensure safety and reliability without regulations enforcing it. Plenty of this responsibility (blame?) falls on companies led by individuals who are solely focused on profit and self-interest, but we have to own some of the responsibility as we're the ones agreeing to write and ship bad code.

[nostrademons]

There are plenty of software systems built for security (eg. OpenBSD, Haskell @ Galois, CapROS), but by-and-large customers don't use them. Shiny new features brought quickly to market seems to beat out security and reliability every time. This pattern seems to extend into other industries that have adopted software as well, eg. the auto industry is in the process of transitioning from shipping highly reliable cars that just drive to shipping computers on wheels that frequently can't go.

Understanding why this happens would be an interesting research project. Part of it might be information asymmetry with customers (shiny new features are very visible at sale time and reliability is totally unknown, so customers tend to weight known features over unknown reliability), and part might be principle agent issues (the decision maker who bought the software will have collected their bonus and retired long before the data breach can be attributed to them), and part might be that the market simply hasn't caught up to the negative consequences of all this change and careless companies will be purged by the market in the future.

I'm not terribly fond of regulation as a solution either. It tends to overconstrain industries, prevent innovation, and leave a hole at the lower end of the market that eventually makes products unaffordable. But there should be some quality mechanism that incentivizes decision makers to do the right thing and invest in quality even when there's a cost in features.

[_heimdall]

Removing legal protections for corporations and those in charge would go a long way. For example, if those in charge are personally liable for wrongdoing they would think twice. CrowdStrike as a product may not even exist as it is in that world, a company leader may not want the personal risk of being able to take down a large chunk of the internet. There also may not be security holes to guard if the leaders of an OS company weren't willing to skip security in favor of fancy new AI features.

[dopylitty]

This is a nice idea but the problem isn't the individuals in the system but the system itself. As long as shareholder value/profit is the only factor companies consider this is the end result you will get.

Management is just making decisions based on what the companies value and companies are just valuing what their shareholders value which is more money for the shareholders.

The best way to fix it would be to reform the stock market system so that companies aren't beholden to uninvolved third parties looking to make a quick buck. Only active employees should own stock in companies and sit on company boards.

This would also require reforming the retirement system so retirement money isn't just dumped into the stock market. It needs to instead go somewhere safe and just sit. Retirement funds being in the stock market creates a huge inflationary feedback loop by demanding constant increases in profits which cause companies to raise prices which causes retirement funds to need to be bigger which causes them to demand more profit increases.

[_heimdall]

I'm not opposed to stock market reforms, I'm sure there's good that could be done there. Even with today's stock market setup and companies' fiduciary obligations, if a company could be meaningfully financially by legal actions they would think twice.

Take CrowdStrike for example. If the company and its leadership wasn't so well shielded from financial and legal liability they likely wouldn't have had a process that allowed rolling out an untested update to the entire world at once. Instead, they have a CEO that did effectively the same thing at McAfee before allowing it at CrowdStrike and the company will likely get little more than a financial slap of the wrist.

Would it solve everything? Absolutely not, and other actions like changes to the stock market could help. But it surely would make a difference if leadership and companies knew they could actually be ruined if they are provably negligent or culpable in damages caused.

[ThrowawayR2]

> "Removing legal protections for corporations and those in charge would go a long way. For example, if those in charge are personally liable for wrongdoing they would think twice."

Cute fantasy about pinning everything on management but people do remember the old adage that "shit rolls downhill" don't they? What that will result in is very onerous processes and certifications mandated by "those in charge" on the people at the bottom to generate ironclad proof of no wrongdoing, at least for themselves. Maybe that is ultimately what this industry needs but it is also going to result in a work environment which really sucks a lot.

[_heimdall]

It isn't about pinning everything on management, that's just as unfair to them as today's setup is for everyone else.

When management actively makes decisions to prioritize profit over security, for example, they should be held personally liable when a security issue occurs. I'm not really sure what a reasonable argument for that not being the case would look like.

If such a setup did result in a shitty work environment, people would ultimately have the option to not work at certain companies or to work for themselves. We can't assume that people must work for big tech and limit ourselves to what works in that sandbox.

[nostrademons]

A lot of things besides CrowdStrike would not exist in that world, notably Windows and your electric utility. Some people might consider that an improvement, but beware unintended consequences.

[_heimdall]

Are you assuming that Windows and electric companies are all run by people knowingly making decisions to cut corners and put the company at risk?

Leaders of an electric company shouldn't be held liable for a lightning strike that starts a fire, for example. But they should be held liable if they purposely decide not to spend the money it takes to maintain power lines and a tree branch that should have been trimmed falls and starts a fire.

There would be consequences of such a system that change what we have today, but I wouldn't expect that to mean we couldn't possibly have things like electric companies.

[jordanb]

My perfect example of the failure of our industry to maintain any professional standards is the widespread use of YAML.

This is used as a configuration and data exchange format despite having no formal definition, resulting in different results based on the parser used, and a weak typing system that has caused many bugs in many applications that use it. This despite the fact that many better, more reliable configuration and data interchange systems existed even before YAML got popular.

[beardedwizard]

I have often blamed software engineers for being complicit, however we should avoid a system that forces a worker to bear the cost of this choice in the first place.

[_heimdall]

That's a bit of a chicken and egg problem, isn't it? We can only avoid a system that forces a worker to bear the cost if they first decide to bear it.

[beardedwizard]

If we force people to choose between paying the bills and cutting corners we know what happens - we have seen this movie many times in history.

I prefer the idealistic view that each individual can make a change through choice, but the reality is that choice is a privilege that isn't evenly distributed across the population. For example some can afford to not shop at Walmart, others can not - paradoxical as it may be from a local economics perspective.

Regulation is the typical blunt instrument to move the incentives to the business leaders rather than the individual. Other commenters don't think regulation is the answer, but I think most agree doing nothing won't change the status quo soon enough.

[_heimdall]

> For example some can afford to not shop at Walmart, others can not - paradoxical as it may be from a local economics perspective.

While I personally agree with the sentiment of your comment in general, this piece really is part of the blind spot in my opinion.

The assumption here is that everyone has to get all of their for from a grocery store, and the only question is what quality of products you can afford. It doesn't have to be that way, and wasn't until very recently in human history.

We almost always have alternatives. They just often seem so extreme as to not be feasible. People can grow their own food though. And at least in the US, we could go without a huge portion of the crap we spend money on every year. We just choose not to. There's absolutely nothing wrong with that choice, but its important to realize it is a choice.

[beardedwizard]

I can see your point. What I was hoping to highlight is slightly different which can be illustrated through your comment on growing your own food - you need the privilege of both time and space to even do that. Lacking both you may be forced to choose something that harms your long term interests like shopping at Walmart and putting local grocers you can't afford out of business.

A good example of this is an urban single parent of multiple kids, time and space are likely very scarce and choices are limited.

[eddd-ddde]

Very interesting. I'm fairly young and I have never associated the term engineering with regulation. When I think engineering I just think problem solving.

[petermcneeley]

"none of the of the" Genius level comment that demonstrates the need for a quality review of ones work.