Tuesday, January 12, 2010

The gang that couldn't program straight

Among my thoughts about the Christmas underwear-bomber incident was this: won't our government ever learn how properly to develop software?


It's inexcusable to hide behind a name misspelled in a database. It's the nature of international databases to have transliterated names -- nothing new. Phonetic comparison software is likewise nothing new. For one example, see Soundex.

It's similarly inexcusable to attribute the security lapse to the size of the database in which the adverse entry for  Abdulmutallab appeared (rather than in the smaller No Fly list). 550,000 entries? How many billion records does the IRS routinely handle? The SEC? Any large company? Data mining is hardly cutting edge anymore.

In my novel Fools' Experiments (2008) a main character obsesses on the need for a better way to develop software:  He says:

"... Modern society has deployed most of the easy applications of computers. We've done all the basic automation. What is left is mostly too complex for mere real-world mortals. We're starting to see the tragic results: one day, an industrial robot accidentally crushes a worker; the next day, computerized hospital equipment electrocutes a patient. We can't write new programs as fast as we need them. We can’t prove the correctness of the programs we do manage to produce.

"Let me pose the issue another way. We rely increasingly on the data plane of existence, as much as on the biological and physical planes. Our approach to exploiting the information ecology, the data plane, is classically human: We create a program to do our bidding. Homo sapiens is, after all, the premier tool-using animal -- and the only tool-using animal to move beyond sticks and stones.

"Too bad that building tools is a flawed approach. In evolutionary terms, it's been a simple experiment, and after a short trial, it is already failing us."
Last Christmas, bad programming really did fail a planeful of people when it allowed Abdulmutallab aboard that airplane. 

Is anyone at Homeland Security looking at software development beyond the old bad ways? For all our sakes, I  hope so.

No comments: