This is the kind of thing I think about whenever people say "managers should trust engineers and leave them alone to do their work".
https://arstechnica.com/security/2024/09/meta-slapped-with-101-million-fine-for-storing-passwords-in-plaintext/
-
Stephen De Gabrielle replied to Marco Rogers
Negligence is grounds for the engineering board to revoke the engineer’s license
-
@JeffGrigg that's the 101 million dollar question isn't it?
-
Marco Rogers replied to Stephen De Gabrielle
@spdegabrielle not in the US. Not for software engineering.
-
@raven667 @dangoodin I'm sure some manager *made* them log the request data. Under threat of death.
-
Why do I do these threads? It's not because I like being an asshole and giving engineers a hard time. At the end of the day, I think we need to change our culture. The way engineers talk about our work and our responsibility and the value we provide is just way out of whack. And I'm trying to find different ways to explain and illustrate why I say that.
https://social.polotek.net/@polotek/112905943985848707
-
@polotek this sounds like what’s historically meant by “professional” — someone legally recognized as an expert, who also has some legal culpability. Do you have an opinion on professional software engineering?
-
A lot of people are still hurting in this job market. We went from being in high demand to everybody scrambling to replace us with AI. We should be organizing and trying to establish better labor rights. But before we can even do that, we have to establish our value. Except we can't do that. Because every single time anything bad happens, our go-to response is "that's some manager's fault. Nothing I can do." And somehow we still wonder why we are not valued when it's time to "trim the fat"?
-
@agocke I think it should exist. I think it would be very difficult to establish and regulate though. And I still think most of the kind of work we're discussing would fall outside of it.
-
Some people feel that it's really important to explain that the plain text passwords were in log files, not in a database. Apparently this is a more "understandable" mistake. So you know. Just forget everything I said.
-
@polotek Programmers have an ethical responsibility to protect user data, which takes precedence over anything their manager says.
ACM Code of Ethics and Professional Conduct
ACM Ethics - The Official Site of the Association for Computing Machinery's Committee on Professional Ethics (ethics.acm.org)
-
@polotek Sometimes, the management decision is going to be "deploy something now, and we can absorb the risk", and sometimes (possibly never with pw hashing) that decision is going to be right, and sometimes it'll be wrong
My point is "Sometimes Engineers need to listen to management and sometimes they need to push back", and a good Engineer is someone who knows which is which, and how to advocate for themselves when they need to
I agree with your point that sometimes Engineers need to accept oversight; I also agree sometimes they need to assert their expertise. I also think there's a trade off between those two positions, and that trade off is what I was trying to point out.
-
@polotek no. Engineers saying “we really should do this better” and managers prioritizing something else
-
@polotek I'm now also worried I'm explaining myself poorly, and didn't have as interesting a point as I initially thought
It is, after all, Friday
-
@polotek I for one love these threads! appreciate the reality check
-
Ditto! There's such great learning here -- for engineers, for managers trying to figure out when and how to get involved or explaining to engineers how they approach it, and for people mentoring engineers or managers. I really appreciate the time you put into these threads and the clarity of your explanations!
-
@polotek Every time in my career I’ve seen anything close to this level of garbage, engineers have been screaming to fix it and management couldn’t be bothered to develop the fake-ass data-driven justification to do it.
-
@galactus and what happens after that? Engineers shrug and ship it. Users get harmed. Engineers blame managers. Managers lay all of the engineers off. Engineers get upset and talk about how important and indispensable they are. Nobody actually does what's necessary to help users.
Sound about right?
-
@polotek yes
-
@galactus cool. You keep doing what you're doing then. Works as designed.
-
@donaldball why are the engineers screaming instead of just fixing it?