• KomfortablesKissen@discuss.tchncs.de
    link
    fedilink
    arrow-up
    3
    ·
    5 months ago

    I can put the blame to your customers. If I make a contract with a bank they are responsible for my money. I don’t care about their choice of infrastructure. They are responsible for this. They have to be sued for this. Same for hospitals. Same for everyone else. Why should they be exempt from punishment for not providing the one service they were trusted to provide? Am I expected to feel for them because they made the “sensible choice” of employing the cheapest tools?

    This was a business decision to trust someone external. It should not be tolerated that they point their fingers elsewhere.

    • ricecake@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      5 months ago

      Can’t fault you for feeling that way. I definitely don’t think anyone should be exempt from responsibility, I meant blame in the more emotional “ugh, you jerk” sense.

      If someone can’t fulfill their responsibilities because someone they depended on failed them, they’re still responsible for that failure to me, but I’m not blaming them if that makes any sense.

      Power outage or not, the store owes me an ice cream cake and they need to make things even between us, but I’m not upset with them for the power outage.

      • KomfortablesKissen@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        You can be reasonable in your choice of words, but there are heads that need to roll. In this case it is not the one pushing the final button, but all those that created this system. Developers, Project Managers, Team Leaders, all the way up to the CEO. If the space to work in is so limited that the possibility of such pushes seems like a tolerable idea, then everything leading to this is broken. And people need to invest to make this right. Therefore there needs to be incentives, good and bad. To steer out of the current course there need to be very unfavorable incentives.

        You can mock my argument by giving a ridiculous example. Once people die it will be too late. It’s why there was a time where people thought it to be a good idea to employ giant generators to keep the power in a hospital running even in case of a power outage. Or to have redundant systems in an airplane.

        There is a need for adequate standards in the software world. Trusting businesses to create them will evidently kill people. Creating something like certificates for personal skills and products is severely lacking.

        • ricecake@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          I wasn’t mocking your argument, I was agreeing with you and clarifying that my feeling was about who I’m most “irritated” with, not about responsibility or legal culpability.

          My example was for simplicity, not mockery.
          The power going out is the power companies fault, so I’m most mad at them. The store didn’t have a generator because they trusted the power company, so my cake got ruined. I’m still mad at them but less so because they weren’t the cause of the problem, even though they could have done more to prevent this from impacting me.
          Culpability wise, I can only make demands of the store and hope that enough other people do so that they in turn demand answers from the power company.

          There are actually a fair number of certifications, including ones from government agencies, relating to software development, deployment, and related practices. That so many organizations didn’t have the ones relating to protection from supply chain issues is distressing, to say nothing of it slipping through quality control in the first place.

          Please, if you think we’re in a place in this thread where I’d be mocking you, re-read it with the understanding that I agree with you entirely on legal and structural issues, and at most just have a different opinion about where the balance of "fuck you"s go. I think I put more scorn towards the vendor because doing the thing is worse than failing to prevent the thing. Also, I work at a parallel company and so I’m more familiar with exactly how much you have to be fucking up for this to happen because I spent the last three days dealing with the more minor controls that prevent this from happening. Everyone has outages because you can’t prevent 100% of errors, but it’s on the vendor to build to the spec of their most sensitive customer and ensure that outages don’t keep a doctor from patient records.

          • KomfortablesKissen@discuss.tchncs.de
            link
            fedilink
            arrow-up
            1
            ·
            5 months ago

            I wasn’t mocking your argument, I was agreeing with you and clarifying that my feeling was about who I’m most “irritated” with, not about responsibility or legal culpability.

            Okay, sorry for that. It happens to me sometimes to be mocked without me seeing prior cause for this. Thank you for clarifying that.

            If a shop can’t sell me cakes, then it’s inconvenient. If a hospital is not able to keep people alive, that’s where things get intolerable. Them not having access to their PCs is a hospital thing. If they cannot use them they should not use them. If it’s a cost saving measure at the cost of people’s lives, then I want heads to roll. Literally, preferably.

            For the icecream, yes. If I want icecream and the shop doesn’t have any because of a power grid failure, then I blame the power company more. The generator would be overkill, as it needs constant maintanance and checkups; immense running costs. This would not be justifiable for something like ice cream.

            The hospital needs to be way more thorough with their supply chains. This discrepancy of responsibilities towards patients/customers is why I thought I was mocked, sorry again for that.

            I called the certification processes “lacking” because they are very often out of date, if at all applied, like you said. The timeframe for product certifications needs to be drastically reduced for software products. I am aware that those checks need time the developers often don’t have, but that doesn’t matter. If that is a crucial issue, then they should stay the fuck away from critical infrastructure.