Panel II — How Do We Make Software and Why Is It Unique?
Pages 54-81

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 54...
... Software engineering is like many other kinds of engineering in that it confronts many difficult problems,
From page 55...
... Trading Off Correctness Against Other Pluses
That no one really knows how to build perfect software -- because it is abstract, complex, and at the same time malleable -- gives rise to its fourth unique aspect: It can work pretty well even if it is not 100 percent correct.12 "There is a choice here in trading off correctness for more features, more function, and better
12 While this is true for software designed for "robustness" or "fault tolerance," in the absence of redundancy precision may be lost in results when systems are designed this way.
From page 56...
... It does not take that many lines of Turing machine code to describe a hardware design, even one involving a billion transistors, because for the most part the same rectangle is repeated over and over again. But software involves millions and millions of lines of code, which probably can be compressed, but only to a limited degree.
From page 57...
... Brooks, The Mythical Man-Month: Essays on Software Engineering, 20th Anniversary Edition, New York: Addison-Wesley, 1995.
From page 58...
... While the reuse of components is one attempt at solving the problem of complexity, another is the use of tools, the most important of which are probably high-level programming languages and compilers. High-level programming languages can increase software productivity by sparing programmers worry over such low-level details as managing memory or buffer overruns.
From page 59...
... Of course, it is possible for hardware designers to use software to take up the slack and to mask any errors that are capable of being masked. In this, they have an advantage over software developers in managing complexity problems, as the latter must take care of all their problems at the software level.
From page 60...
... Lam predicted. "You'll find out the problem the day that the virus is going to hit you." Asking consumers to update their software is not, in her opinion, "a technically best solution."
Reliability: Software to Check the Software
A number of places have been doing research on improving software reliability, although it is of a different kind from that at the Software Engineering
From page 61...
... Lam reiterated that many problems arise from the fact that software engineering, while complex and hard, is at the same time deceptively simple. She stressed her concern over the fact that, under the reigning economic model, the cost of unreliability is passed to the unwitting consumer and there is a lack of investment in developing software tools to improve the productivity of programmers.
From page 62...
... While the area is a little less developed, there are some nice data sources, including the FLOSS Survey, or Free/Libre/Open-Source Software Survey, conducted in Europe.19 Varian and Shapiro's particular interest was looking at economic and strategic issues involving the adoption and use of open-source software with some focus on the public sector. Their research was sponsored by IBM Corporation, which, as Dr.
From page 63...
... Without exception, in his judgment, open-source software has open interfaces; proprietary software may or may not have open interfaces.20 Among the themes of his research is that much of the benefit to be obtained from open-source software comes from the open interface, although a number of strategic issues surrounding the open interface mandate caution. Looking ahead to his conclusion, he called open-source software a very strong way to commit to an open interface while noting that an open interface can also be obtained through other sorts of commitment devices.
From page 64...
... Reports from India indicate that a system administrator is about one-tenth of the cost of a system administrator in the U.S., a fact that could certainly change the economics of adoption; if there is a 10 to 15 percent difference in total cost of ownership using U.S. prices, there could be a dramatic difference using local prices when labor costs are taken into account.
From page 65...
... "It's cheap now -- maybe it's free because it's a pirated copy -- but in the future it will be expensive." Since most communication in China is still domestic and from Chinese to Chinese, the network effects are relatively small. So the government has an incentive to choose the system with the lowest switching cost, then build its own network for document interchange.
From page 66...
... Varian noted that there are many different licenses and referred to a paper in a legal journal that distinguished some 45 of them. Perhaps the most notorious is the GNU public license, which has a provision, "Copyleft," requiring those who modify and distribute open-source software outside their organization to include the source code.
From page 67...
... Varian pointed to a paper posted on his Web site that is accompanied by discussion of economic effects of open-source software, including the issues of complementarities, commitment, network effects, licensing terms, and bundling (See Figure 4).23 He then invited questions.
From page 68...
... health statistics. All sciences need to know something about software engineering in order to build systems that can meet their needs, but is it better that they build them themselves, outsource them to somebody else, or strike a more collaborative arrangement?
From page 69...
... D Herbsleb, "Two Case Studies of Open Source Software Development: Apache and Mozilla," ACM Transactions on Software Engineering and Methodology, 11(3)
From page 70...
... He explained this by elaborating on one of the motivations he had listed for writing software, "scratching an itch:" A software professional confronted by a particular problem builds a tool that will help solve it, then decides to make the tool available to others to use and improve. While there have been many efforts to make software more user-friendly down to the end-user level, that is often a very difficult task.
From page 71...
... 26 The presence of open-source software implicitly raises a conundrum for national economic accountants. If someone augments open-source code without charge, it will not have a price, and thus will not be counted as investment in measures of national product.
From page 72...
... Socas speculated that his title -- Director of Platform Evangelism -- is one that "you'll only find in Silicon Valley."
MAKING SOFTWARE SECURE AND RELIABLE
Kenneth Walker
SonicWALL
Alluding to the day's previous discussion of the software stack, Mr. Walker stated as the goal of his presentation increasing his listeners' understanding of the security stack and of what is necessary to arrive at systems that can be considered secure and reliable.
From page 73...
... [Figure residue; chart labels as extracted: Malicious Code, Zombies, Infection, Intrusion, Network, Attempts, Polymorphic Viruses (Tequila); axis values run up to 300M and 40,000.]
From page 74...
... 27 The term "hacker" is defined by the Webopedia as "A slang term for a computer enthusiast, i.e., a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s)." Among professional programmers, depending on how it is used, the term can be either complimentary or derogatory, although it is developing an increasingly derogatory connotation.
From page 75...
... This contrasts to a human virus outbreak, which depends on the physical movement of individuals and is therefore easier to track.
Taking Responsibility for Security
While there is a definite problem of responsibility related to security, it is a complicated issue, and most people do not think about it or have not thought about it to date.
From page 76...
... Walker's discussion of threats to security, including hacking, are comparable to national economic accounts' failure to distinguish purely defensive expenditures, such as the hiring of bank guards to prevent robberies. There has been some discussion of measuring such things as robberies as "bads," which are negative entries that reduce value of banking services, but the international economic accounting guidelines have not yet successfully addressed the issue.
From page 77...
... Walker observed, "if there's an attachment to it, they double-click." There was a woman in his own company who clicked on the "I Love You" variant of Slammer 22 times "because this person was telling her he loved her, and she really wanted to see what was going on, despite the fact that people were saying, 'Don't click on that.'" As for impact, Network Associates estimated Mydoom and its variants infected between 300,000 and 500,000 computers, 10 to 20 times more than the top virus of 2003, SoBig. F-Secure's estimate was that on January 28, 2004, Mydoom accounted for 20 to 30 percent of global email traffic, well above previous infections.
From page 78...
...
· help-desk support for those who are unsure whether their machines have been affected, to which the expense of 1-800 calls may be added in the case of far-flung enterprises;
· false positives, in which time and effort are expended in ascertaining that a machine has not, in fact, been infected;
· overtime payments to IT staff involved in fixing the problem;
· contingency outsourcing undertaken in order to keep a business going while its system is down, an example being SCO's establishing a secondary Web site to function while its primary Web site was under attack;
· loss of business;
· bandwidth clogging;
· productivity erosion;
· management time reallocation;
· cost of recovery; and
· software upgrades.
According to mi2g consulting, by February 1, 2004, Mydoom's global impact had reached $38.5 billion.
From page 79...
... Defining malicious code, another source of attack, as "any code that engages in an unwanted and unexpected result," he urged the audience to keep in mind that "software security is not necessarily the same thing as security software." Attacks also originate in what Mr. Walker called people issues.
From page 80...
... [Figure residue; diagram labels as extracted: Digital Rights Management, Network Firewalls, Database Systems, MS Office, Encryption e.g., PGP, Application Proxy Servers, Other Applications, Personal Firewalls, Digital Signatures, (SSL/VPN), Server Operating System, Gateways, Servers, Devices, Content.]
From page 81...
... He laid a portion of attacks on businesses to pranks, often perpetrated by teenagers, involving the misuse of IT tools that have been made available on the Net by their creators. He likened this activity to a practical joke he and his colleagues at a past employer would indulge in: interrupting each other's work by sending a long packet nicknamed the "Ping of Death" that caused a co-worker's screen to come up blue.30
The Microsoft OS Source Code Release
The panelists were asked, in view of the release some 10 days before of the Microsoft OS source code, what had been learned about: (a)


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.