Thursday, October 22, 2009

Experimental Software

The thought occurs to me that, when it comes to software licensing issues, there exists an analogue which really should have been explored long ago, but which I do not recall any conversation about. There is one thing in particular, and that is the idea that software is trusted with all of our data, even data on which lives can depend. And yet somehow, the concept of "aircraft-grade" doesn't apply to software in these cases at all.

For people who aren't aware, the building of aircraft is a fairly well regulated industry; I hope I don't have to suggest why. Not only are all the parts supposed to be aircraft-grade, but there is a large body of tests that software must go through before it is declared worthy of FAA certification. If the aircraft is NOT certified safe by the FAA, then you know before you get in it that what you have is unregulated and it may be no safer than the worst mechanic or part in it. Certified aircraft, such as airliners, are tested for reliability, and as long as they are kept up in accordance with FAA rules, you can be fairly sure that they are worthy of your trust. (They do have a pretty good record with this, too, in spite of the occasional story of airliners crashing--which is made louder and more noteworthy in fact because it happens so rarely.)

I cannot think of a single good reason why software that covers critical sections of computing should not be required by law to be tested by an independent agency for its stability. This would ideally replace the EULA's indemnifying clauses entirely, as the company would in fact be required to account for the faults in its software. In contrast, if a piece of software does not have the testing, because it is an amateur effort or work in progress, it should be clearly marked EXPERIMENTAL--with the understanding that if you use it, you are not allowed to blame the maker.

Ideally, there would be other classifications as well, some with stability testing, some without. Anything where user data is being used MUST have some kind of classification, whether certified or experimental; the user themselves will come to believe in the difference between certified and experimental software, making certification desirable for companies, while at the same time, the fact of testing and the requirement for legal responsibility will dissuade con artists from abusing it.

Would Microsoft or Apple approve of such a scheme? Maybe, but not easily. Microsoft in particular is probably not set up in such a way that any part of its OS, much less the whole thing in total, can be completely certified. However, if a top-notch OS were "certified", and especially if the other OSes were not, then I'm sure they would be more than happy to hold that over everyone's heads with glee.

What should be certified? A quick list.
  • Kernel (sans drivers, but including driver architecture)
  • Registry (for Windows)
  • User Interface (sans plugins)
  • File system
  • Network stack
  • OS initialization daemon (The process which starts applications at boot-time)
  • Password/Identity managers
  • Network security
  • Any server process (ssh, ftp, http, samba, filesharing, remote file storage, remote desktop, etc)
  • Commercial file editors
  • File compression tools (zip, rar, tar/tgz, 7z, etc)
Possible useful certifications:
  • Certified User Application (will not lose user data)
  • Experimental User Application (registered but not guaranteed)
  • Not Classified: User Application (Not registered; use caution)
  • Certified OS component (will not crash and lose data or damage hardware)
  • Experimental OS Component (registered but not guaranteed)
  • Not Classified: OS Component (If you aren't a developer, you just shouldn't)
  • Certified Isolated Application (Does not use user data; games and graphics programs)
  • Experimental Isolated Application (...)
  • NC: Isolated Application (...)
  • Certified Secure User/Network Application (Data is securely stored or transmitted)
  • Experimental User/Network Application (...)
  • NC: User/Network (...)

Thursday, October 15, 2009

Franken Bill and Governance in General

I'm not a political commentator. I hate talking about politics. I hope never to have to discuss them again. I am also not a lawyer. I'm just a blogger.

As you may have heard, 30 Senators from various states recently set their balls gently but firmly on the chopping block and voted against a bill that prevents government contractors from "restrict[ing] their employees from taking workplace sexual assault, battery and discrimination cases to court". From what I can tell, the details of the situation fully bear out that first moment of outrage one feels from the summary. If this were anything but a thinly disguised resignation letter, then the American government should be taken out back and shot.

I'm not being facetious. Senators serve in units of six years, and I doubt many or even any of those 30 senators are fresh out of 2008. In the last six years--in the last twelve, or even eighteen or more--how many laws have been passed? Although many have grown cynical of government recently, there is no way to say this but that those senators show no respect for the weight of their actions on 300 million people.

The concept of democracy, and indeed of government itself, is simple--in order for a common peace to be established, some amount of power must exist to regulate inconsistencies and especially violence. However, power by its nature has the capacity to create those same inconsistencies if misused. This is where democracy parts ways with monarchy--democracy was designed so that it never needed to be true that the people of a nation could not trust its leader, its governance, or its courts. Unfortunately, it IS true. That it is true now suggests that it may have been true at points in the past as well, and many of the laws from those points remain on the books. With this in mind, if I could, I would vote for no confidence in America's existing structure of law and governance until such time as a thorough review and restructuring has left the country in the position it was intended to be in at founding: where people need never exist under the rule of an agency they cannot trust.

Admittedly and unfortunately, this is not possible, not least because the entire federal government, from the Senate to the federal mail service and public school systems, would have to be put on hold. However, I do not believe that this negates the thrust of my message--that for the people of America, and indeed the world, to truly believe in their political leaders again, the system must be designed such that those who would betray its trust are not allowed to participate, and with this done, the existing body of law should be reconstructed in such a way that it can be understood plainly and cannot be abused by means of details, whether those details are abusable on purpose or as an unfortunate mistake.

Should it be done? In the next ten years, no. Possibly not for the rest of the life of the United States. It is not possible for acts of desperation to have the clarity necessary to truly escape the itching tendrils of corruption. It is possible for it to be done, but it may take decades' worth of retrospection and deep thought, and these thoughts may have to be completely separate from the national dialogues.

So I suppose the best idea would be to come up with a theoretical body of law which would serve any country that tried to implement it, but with the understanding by all nations that until it is complete and refined to the same or a higher degree than the existing system, there will be no need to worry about implementing it. I personally would love to see such a thing; although I hate talking about politics and despise partisan discussion, the idea that it could possibly all work out, even if it doesn't happen for our generation, is an ideal beyond my reckoning.