Chances of people dying from my web app are super slim. Chances of people dying because I badly wired their house and it caught fire are a lot higher.
Chances of me dying while developing my web app are super slim. Chances of someone frying themselves with wiring something up when they don't know how are a lot higher.
Chances of being miserable in an administrative job^W^Wordinary life because some software product you have to use is making your job worse rather than better are close to 100%.
If you only count deaths, yeah, bad programming has negligible impact maybe. If you extend it to general suffering, it's quite a drag on everyone actually.
And incidentally, good programming can make a world of a difference, too.
So wanting to select for good programming, with even just having a good minimal standard, is a reasonable goal.
The problem is that we're not even sure what makes good programmers and how to spot them, as evidenced by the continuous stream of "I think..." and "Well actually" stories & comments here on HN.
Is bad programming a net negative? I'm not convinced (and it's not just because I'm a bad programmer, I swear!), I think if you only had good programming, you'd have very little programming and that would be concentrated in the areas that the powers that be deem most important: military, finance, police, factories.
Having bad programming gets you a lot of programming. I'd rather have a million people who can each build a house a day that will stand reasonably reliable for ten years than having a thousand people that can each build a house a day that will stand for a hundred years.
GP doesn't say it's never happened, just that the typical programmer isn't going to kill someone with a buggy password complexity validator. By and large, the standard programmer does not hold life and death in their hands when navigating callback hell.
Again, the typical programmer doesn't kill someone when they write a bug. Judging from the backlogs of each company I've worked at, not a single PaaS, SaaS, BaaS, CaaS, DaaS, FaaS, GaaS, HaaS, JaaS, KaaS, LaaS, MaaS, NaaS, QaaS, RaaS, TaaS, VaaS, WaaS, XaaS, YaaS, ZaaS, or other would have a living customer base if one bug == one death.
There are edge cases and there are certainly plenty of times when software bugs can kill people. However, to say that the typical programmer holds life and death in their hands with every keystroke is an extreme over-exaggeration and I think you know that.
These two examples are interesting. They're both cases where what was being created was a system where software was an important component, as opposed to the software written by the vast majority of us where the hardware components of the system are always the same (monitor, keyboard, etc.). This is the same distinction in Diamond v Diehr for when software might be included in a patent. I always thought the US Supreme Court made a good decision there. Unfortunately they were later overruled by lower courts. (For legal experts out there about to correct me and say that lower courts can't overrule higher courts, I wish you were right.)
Web apps are a small fraction of the software development world. Software Engineers are responsible for code that runs in hospitals, aircraft, power switching stations, and many, many other safety-critical systems. In many cases code that was never written for safety-critical work is deployed in those environments. What OS and software runs the elevator controls in a hospital or military base? We never know the real impact of our work.
That's really not true. At NASA for example there are standards that need to be followed when designing a system, implementing the code for it, reviewing and testing it, and releasing it. [1]
Yes there will always be bugs but no practice or method is invulnerable to this.
Software in general, in these high risk environments, has been extraordinarily successful in terms of reliability and safety.
At NASA, sure. You can't say that with any certainty for all the other systems in the world where software has a huge impact on daily life and human wellbeing. We can't know for sure because there is no regulation or independent monitoring.
Medical tech has similar standards as does flight control and many other mission critical code bases. Static analysis requirements, limits on certain trusted compilers, libs, etc.
I think you may need more time in the field and observing the reality here. There are unbelievably high standards and practices in many places. Maybe CRUD codebases for a consumer website have critical failures but that doesn’t really matter. People will stop using their site if it’s too large a problem.
Software is different than many technical and engineering fields. Codebases change over time as new requirements come in to extend functionality. Things can be patched. When standard engineering practices are required they are implemented. Yes, mistakes happen too but bridges fall down on occasion.
The whole point of my last comment was that the impact of bad software cannot be fully understood if we don't have ways to monitor and measure it. You are correct that many industries have high standards and many other industries have no need for any standards as market forces will decide, but there's likely a huge grey area in between that we don't know much about.