
The number of comments supporting Dropbox in this thread astonishes me. It seems like people think that such "engineering" mistakes are acceptable in the software/web industry. But let me ask you: What if a construction engineer made a little mistake (humans err, right?) when building that bridge? Maybe nothing happens but believe me he will get sued and no one here would object.

Sure, in the latter example people could get killed, but a big security error with Dropbox could also lead to serious personal damage (personal health documents published, business confidentiality breached, etc, etc).

It seems like people don't understand that building a "structure" in the software world should be the same as building a "structure" in the real world. Would you not sue the safe company that produced a safe that just opened by itself the day you were robbed (leading to theft of personal important documents, money, jewelry)? Would you not sue the producer of an over-heating oven that leads to your house burning down?

Why do people assume that it is acceptable to make mistakes in the software world, but not in the "physical" world? Maybe this points towards some kind of basic problem with the software/web business model. Maybe all these free/premium products are really too cheap (and can be so cheap because they are inadequately produced). Maybe we need to accept that these ship-quickly products are not really acceptable, that there really needs to be considerable investment into such products (and thus increasing prices)...

Note: I do understand that nobody would accept a 50/50 % chance-of-breaking bridge, but may very well accept a 50/50 % chance-of-being-breached "Dropbox". But then don't advertise differently.




You assume that the word "engineering" means the same thing in bridge building vs. software development. It doesn't. These activities are no more alike than software development is to, say, writing novels.

If you really want to compare software to bridges, imagine that humans had written the same simple program millions of times over thousands of years. We'd be pretty good at it by now. (Even that analogy, though, doesn't level the playing field. The physical world is not programmable.)

Why do people assume that it is acceptable to make mistakes in the software world, but not in the "physical" world?

We know the answer to this. It is possible to make software that has very low defect rates -- among other things, you have teams of programmers intensively review every line of code -- but these practices have drastic consequences: projects become massively more expensive, development slows to a crawl, and innovation is greatly restricted. There are only a few fields where those tradeoffs are worth it. Elsewhere, they aren't close to being economic. The net benefit of software to society would be crippled if we built it this way. Of course we never would, because any software company trying to would be out-competed into oblivion.

As for Dropbox, when I see programmers jump all over other programmers for making a mistake, even a big mistake (or series of mistakes compounded), I think schadenfreude. People who engage in such gleeful condemnation are making an implicit claim to their own perfection. I'd think twice about doing that.


I do understand the difference between engineering in the "real world" and the "software world". There is no doubt that the latter is immensely more complex (see Fred Brooks).

Nonetheless, in cases where somebody may get hurt (physically, emotionally, financially, etc) we have to make a greater effort. All I was saying is that we have to either lower our expectations of how good affordable software can be or accept much higher costs for it.

Dropbox love to advertise that they are an extremely safe solution to data storage, thus leading people to believe that their data is safe. Unless every line of code in the authentication module is reviewed and checked and tested, that statement cannot be true. So there is a paradox there.

I guess I may have positioned Dropbox too extremely, but Dropbox breaking is much worse than say a music application, some game or other non-critical software. And with Dropbox I believe that development should be approached more like NASA would do it than EA would. People can get hurt!

"As for Dropbox, when I see programmers jump all over other programmers for making a mistake, even a big mistake (or series of mistakes compounded), I think schadenfreude. People who engage in such gleeful condemnation are making an implicit claim to their own perfection. I'd think twice about doing that."

Believe me that that was not my intention. I am without doubt not as good a programmer as anybody at Dropbox!



