[Invictus0]

We need to have a professional software engineering license, at least for applications that are handling sensitive data. Why is it that it takes 1000 hours of study to cut people's hair, but anyone off the street can write some software that collects people's driver's licenses? (Looking at you, Tea app developers)

[EvanAnderson]

> Why is it that it takes 1000 hours of study to cut people's hair...

Protectionism by a de facto trade guild was always my assumption.

There are a lot of activities where bad practitioners present significant danger to society and licensure makes sense. I never understood how cutting hair rises to that level. I'd love to know how licensure in the barber profession is anything other than a bald-faced attempt at building a moat. It seems like the market could correct for a bad practitioner in the barber space pretty easily, and with little risk to society.

[fragmede]

> It seems like the market could correct for a bad practitioner in the barber space pretty easily,

Why do you assume that? I bet most people don't know their barber personally, and just go to the shop to get a cut. Should getting a haircut be fraught with having to go online and read a bunch of reviews, followed by the inevitable bickering between fake reviews and fake responses on top of that? No, I just want to get a decent cut for a decent price. We can nitpick over how much training is reasonable, and sure there's an element of protectionism there, but if the Internet had taught us anything, it's that online reviews are bullshit. I would hate to have to rely on them to correct for a bad practitioner when they aren't really able to do anything about bad doctors, which has a much higher bar to practice.

[8n4vidtmkvmk]

My wife just paid $300 for a root touchup and the stylist did an awful job. Apparently money and licenses and who knows how much experience aren't guarantees of a good result either.

I've had bad haircuts too. And I have the simplest hair cut ever. Just buzz it off. But noooo.. on multiple occasions they've missed way too many strands of hair.

[EvanAnderson]

> I bet most people don't know their barber personally, and just go to the shop to get a cut.

My wife and her friends make personal recommendations about stylists frequently. My male friends either go to chain barber shops or they have a personally-known barber (and, in one case when an older barber retired he gave personal recommendations for a new barber). At least in semi-rural Western Ohio I see a lot of word-of-mouth for barbers. I'm an oldster (48), though, so I don't know how the youth handle this. (I also haven't participated personally because I haven't had a haircut in 30+ years...)

[snapcaster]

I think something like professional licenses are easy to see benefits of but really hard to see the downsides. How many wonderful things _wont_ be created when you start gatekeeping something? Maybe it is worth it but it's not some free win

[prmoustache]

Mandating a professional license for hairdressers to work professionally does not prevent you from cutting your partner/friends/family hair as long as you don't ask any money in return.

[Aurornis]

> easy to see benefits of but really hard to see the downsides

I think like most hypothetical discussions, the commenters proposing these ideas aren’t interested in practical versions of the idea with tradeoffs. They imagine a perfect version of it in their minds with no downsides that accomplishes everything they want.

The demand for professional licensure doesn’t even make sense in this context. Is professional licensing supposed to stop developers from naming their packages names that LLMs produce? Is it going to force the package repos to check that everyone has a professional license before submitting packages from the United States (or other countries with licensure)? Can it be worked around by changing your country in the drop-down box to a country that doesn’t have licensing?

The calls for software licensure never seem to take into account the global nature of the Internet and software development.

[8n4vidtmkvmk]

Yes. If they nefariously typosquat, that could be grounds for losing your license.

Adding a link to your verified license in your package.json or personal website so that installers can check that the author of the package they are using does have a license sounds perfectly fine.

Proving you reside or are licensed in some country before you can publish to that countries repository sounds very doable too.

We don't even have to do this perfectly. It's not about preventing people from skirting the system, it's about giving users and developers the option to install from only verified sources.

Would you rather get heart surgery from a licensed doctor or an unlicensed one? What if both existed where you live? I'd probably ask to see their license before going through with it.

[Invictus0]

Like I said, the license should be for handling sensitive data. You're free to make doodle jump if you like.

[snapcaster]

I just don't like when comments on things like this don't engage with the downsides. Gatekeeping isn't "free" or strictly better

[Invictus0]

The status quo is that anyone can make an application that leaks a million drivers licenses, with no oversight, penalty, or restrictions whatsoever. This is good?

If hairdressers have to take time to learn how to not cut people's ears off, people publishing applications should have to learn basic security practices. I think you will find that no one finds this controversial. And yet, we are moving to a world where AI is making it easier than ever for an army of vibe coders to make apps without knowing the literal first thing about security.

[8n4vidtmkvmk]

I'm thinking about this selfishly. I'd have to go and take a test. But my employer would probably pay for it. Maybe if I wasn't already employed, it'd be on my own dime, but even that isn't too unlike the school I've already paid for. And I'm sure I'd pass the test. As long as I don't have to recertify too frequently, it probably wouldn't be awful. And also selfishly, if it keeps some riffraft out, I wouldn't hate that either.

I guess my biggest concern, with parallels to that time I sold life insurance, is that they test for one thing and then in practice you do a different thing. I hear the same is true for realtors. So.. it becomes an exercise in memorizing some BS that you won't use again after the test. If we do this, the software engineering test would need to be updated at least annually, and better be written by some well respected security researchers.

[vincnetas]

no one is prohibiting hackers from hacking. i do my haircut at home without any licenses. what you need license for is to provide services to other people for money.

[jen729w]

In 2023 I was at a talk at the National Press Club in Canberra, Australia, by the deputy head of one of our national intelligence services.

This was just after the Optus leak. Some hundreds of thousands of customers' data, down to the passport and DOB level, leaked. Again. I was going to ask him whether we, the collected IT consultants in the room, simply couldn't be trusted any more.

We've proven that we can't. I firmly believe that independent companies should no longer, by law, be able to collect my identifying information. If you must identify me, the state should provide a service. You hand off to them, they validate me, they send you a token back, I'm validated.

Sadly the microphone never made it to my corner of the room.

[add-sub-mul-div]

1. Most everyone needs haircuts and licensure allows us to take it for granted that we'll get someone with basic competence and that there won't be a citywide outbreak of lice. So much so that we've forgotten the point of the licensure and cite it as folly.

2. Computing was new and mysterious and developed faster than lawmakers could understand it, and by now it's given so much power to the top 1% that they're for all intents and purposes above the law. Cosmetology licensure is from a time when legislation still helped us.

[lan321]

Uni graduates do that still. I wouldn't trust myself to set that up either, as a matter of fact.

Optimally, you'd probably have seniors do some "Security Compliance Certification" and the company do it, then the product has to be approved by the certified, and if an issue arises, the certified get to be reprimanded, especially the company certification in some exponentially scaling manner so that it doesn't become the cost of doing business.

[readthenotes1]

The company was at had to change all of the job titles at one point because the local regulatory agency said that you cannot call yourself an engineer unless you pass the engineering license, which most software developers could not even hope to do with a few years of study

[Aurornis]

What does this have to do with the article? Naming a package to match LLM patterns has nothing to do with licensing.

[Invictus0]

You could imagine that to get a SWE license, you would have to have learned basic security practices which could include things like dependency management.

[8n4vidtmkvmk]

I was thinking the opposite direction. Squatting is malicious and could cost you your license.

[ysofunny]

then you will need to input your license everytime you open develop tools...

sooner or later command line interfaces will require background checks and be limited to a close select group of government approved individuals, e.g. like guns in japan.