Ethics + Software releases ( Service packs, and all that crap)

[guestgulkan]

Is it too much to ask the software industry to improve
software testing prior to release.
It seems (to me anyway) that a lot of half assed software
is released, only to be followed by service pack after service pack - some of which are eventually bigger than the
original program.


Maybe it's time we start sueing the software companies for
lost production, lost time, etc.. maybe only then will 'they' get their act together.

 

[TomKane]

I hear what you're saying....

In a lot of cases little thought is given to the testing. I'm currently working on a software release that is, for various reasons, running behind schedule so I've been told that we'll shorten the UAT in order to make up for the time. I'm at a loss really to understand the thinking behind that.

When it comes to fairly complicated, flexible, user configurable software - there are so many possible logical paths I guess some combinations just get skipped over - which is no help to the end user whose enterprise may well depend on an untested scenario....

Some of it the nature of software development - programs are written by people and people make mistakes - some of the mistakes are caught during testing and some slip through the net and are only found in production

 

[Tarwn]

I've found that no matter how much testing I do on an application the users always find something I never considered. While the testing process could obviously be improved, There is no way to catch all errors. There is no way to say "x% of errors must be fixed before release" because obviously the company doesn't know they are there, so there is no way to know the total number of errors.
The whole move from Programming to Software Engineering is supposed to help the process, decrease the number of errors, decrease holes in the code, etc. Unfortunatly the more complex you make the program, the more gremlins infest it. And as was mentioned above, there are a lot of managers out there on deadlines who will cut testing time in order to extend development time (generally due to unforeseen circumstances or errors in the initial time estimates), or increase the early finish bonus.
I'm just happy that companies do release service packs, otherwise we would be forced to buy a new version every 6 months instead.

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
With enough resources, time, and coffee, anything is possible.

 

[sleipnir214]

I don't mind the service packs -- at least I know that someone is thinking about the problem. I also know that as program complexity grows, the chances of finding all bugs before publication approaches zero.

However, something I've railed about in Tek-Tips on several occasions is that Mi¢ro$oft, for one, doesn't incorporate those bug fixes into its products. Why is it that when Windows 2000 has two service packs and ancilliary bugfixes, when I buy a a copy of that software today, I still have to apply those patches? Why can't Mi¢ro$oft update their distribution? ______________________________________________________________________
TANSTAAFL!

 

[Tarwn]

part of the reason might be because it is much easier to patch an already set up, running, and configured system than it is to alter the installation files and possibly add in more bugs.
If the error has been solved and a patch provided (and tested) than it is much easier to have it either replace/update critical elements of a running OS than to create a new installation set that may have aditional errors because it is being added at install rather than on a full running machine.
I agree that it would be nioce if they did this, I would really really really like to be able to blow out my win2k server box and reinstall, it's just that I don't want to go through the hours of patches and service packs.
Also realize that, yes, microsoft is a large corporation making a profit. Releasing service packs only profits them by trying to make existing customers happy and return for more products. Any major corporation these days does only what it feels it has to to get the consumer to buy the next product. There is no law stating they have to fix bugs, their is no guarantee of a lack of bugs. It's just been slowly proven over the years that only the companies that continue to offer support (patches, service packs, etc) will get ahead.
As a sidenote, Halflife (the game) finally started releasing CD's with patches on them over 2 years after release, despite the numerous (10+) patches that were required for internet use once a server upgraded. And they only supplied a version patched to 6.

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
With enough resources, time, and coffee, anything is possible.

 

[sleipnir214]

Honestly, as much as I have enjoyed playing Half-Life in the past, I'm not worried about a game's updates. Few people, if anyone, are going to lose money over the lack of game patches.

Mi¢ro$oft produces software that provides mission-critical functions to companies. As such, I hold them to a higher standard than I do Sierra.

There have been documented cases of IIS servers' being infected by Nimda within the 25 minute window it took to download the patches to stop the infection. This is a major security flaw which actually reduces the operational capabilities of the software. ______________________________________________________________________
TANSTAAFL!

 

[Tarwn]

Hmm, I would wonder what these people were doing during that 25 minute window, if it was that mission critical I would think you would want to quarantine the systems and patch by burned cd, or at least just the patch if not the quarantine. Nimda doesn't just pop up out of nowhere.
If a system is mission critical than it should have adequate protection, up to and including network quarantines. There will always be ways to take advantage of a piece of software that complex, at least they attempted to fix the problem.
As another example, SSH had a serious buffer overun insecurity which would allow anyone with the client to connect to a box as root. It took a little while for a patch to come out.
Every large program, whether OS or whatever, has insecurities, and unfortunately there are people out there attempting to take advantage of that. The only thing that makes MS competitors more safe is that they are used less by ignorant people and thus are targeted more often, sometimes by very simple kiddie scripts, sometimes by complex things like Nimda, where the creator knows he will get a much higher amount of recognition due to the sheer number of windows boxes out there.
And by ignorant people I don't just mean my mother on her home computer, I mean even some people in charge of vital systems... For example, I was amazed at the MS SQLServer hole that was so widely published not to long ago. Is it microsofts fault for not providing a default password or the installer for being to lazy to password protect the master administrative account for their very important data?

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
With enough resources, time, and coffee, anything is possible.

 

[sleipnir214]

If Oracle's installer can ask for a administrator password, why can't SQL Server's? The "default or unset administrator password" hole has been around in various forms for decades. I remember a model of Sun workstation that had a microphone built into it -- and the permissions on the device file for the microphone were world read. If you could get access to the device, you could hear everything that was being said within listening distance of the microphone.

The machine which was infected by Nimda while downloading the Nimda patches was a test machine at Network World magazine's lab. They were downloading the patch from Mi¢ro$oft's site from the machine itself -- as I recall at the time, the patch was not available in a downloadable version at the time, it could only be installed by the machine that needed it through Mi¢ro$oft's internat patch installer. So the only way to get the patch at the time was to hook your server to the internet and go to Mi¢ro$oft's site. ______________________________________________________________________
TANSTAAFL!