Taking Responsibility for Code
Everyone looks at the world in a different way, but my preference is to look through the surface of activity to what I perceive to be the underlying mechanism of the world.
It is an occupational hazzard of those who would (quite frankly) be better employed to sort postage stamps or opine on just how many extra dimensions of space and time would be acceptable to their mind, to sort out those problems they perceive with physical theory.
The preoccupations of such people are other than fashion.
Needless to say, the underlying mechansim may be far removed from experience.
I would characterize this mechanism as bad code and dodgy assumptions.
You do not need bad people to have bad code. You just need a prevailing social attitude which resembles that of the famous joke about Shakespeare.
If you have an infinite supply of monkeys, each tapping at a keyboard, then eventually, one day, some day, one of the monkeys, or perhaps a gang of them, will write Shakespeare.
In the present model of innovation, I believe we are behaving as though we should have more monkeys writing more code in the hope that one monkey writes good code.
I do not pretend to be a great programmer but I do have a good nose for a bad smell.
When I smell bad code I do wonder if I will, one day, see dead people.
I cannot speak for the attitude today, but I can relate a formative experience that made me aspire to be an actual engineer rather than a poor one.
I was working for a defense R&D organization funded by the Australian government. The official title I had was Research Scientist, and I had the effective rank of Lieutenant.
One day, having just completed my latest software simulation project, and completed the relevant report, I got a phone call. The voice was pleasant but present.
He said:
I am Lieutenant (so and so) and I am the Test Pilot on this First of Class Flight Trial. Are you Dr Jones, the fellow who wrote the report on the coming flight test program?
I have a pretty good memory for what I did last week.
I said: Yes
He said: Thankyou for the report. It is very detailed and comprehensive.
He continued: I have just one question. How confident are you about the assumptions?
Well, let me explain. The test flight program involved he and his co-pilot flying a Sikorski Seahawk helicopter to practise emergency landings in high sea conditions on a ship.
Ships don't stay still in a storm so some bright sparks in the US Navy invented a form of arrestor hook. The helicopter would shoot a harpoon into a hydraulic ram and those who flew the helicopter would then hope that it caught, and winched them down to safety.
It is what the Navy does when they get a new piece of kit. It should work, but nothing works in all circumstances. The Navy, being the Navy, writes a manual which states to operating crews. "Not a good idea to fly in conditions beyond these defined circumstances."
That is like a regulation. It is there to protect the average pilot, as much as possible.
Test Pilots are not average pilots. They are a different breed altogether.
However, they are not foolish. The reason they are so good is because they know their limit.
The entire purpose of a flight trial is to take pilots, who are that good, and send a ship out in search of a storm so they can find conditions that are bad enough to be a good test.
When the Test Pilot finds their limit, they pull back, and say No! Then you take that limit down a few notches for your Average Joe pilot. Then you write the manual.
It is the famed envelope. Someone pushes the envelope and then you peg it back some.
However, it is not only the Test Pilot on test. It is also the machine.
That was my job.
We have a hydraulically operated jaw which is operational kit in another force.
It should work, but our ship is a bit different.
We have the ship model, the sea model, the helicopter model, the landing gear model, but no engineering model for the hydraulic jaw. You have a week to build the model and maybe a week to write the report, but there is bad weather in the Tasman and we want to catch it.
Your job is to figure out under what sea conditions the jaw, whose job it was to act as a helicopter arrestor hook, and winch the aircraft forcibly back to deck, might break.
Piece of cake. Not.
This is a calculation, where you, the engineer, estimate conditions of failure. This is not under a direct and clear load. It is a stochastic load from a range of ship motion.
You know the parameters, you know the basic principles of failure modelling. However, you also know this is a Test Flight where the other party will fly to their assesment of limit.
The solution is as old as engineering. You add a magin of safety and test your scenarios.
What was my answer to the question from the Test Pilot? Here is the gist of it:
In my assessment, the major factors driving potential failure are these. The sea condition scenarios are unpredictable so we modelled a distribution of those. The deck roll is a clear factor but we have a Sikorski certified landing gear model we are confident of. The jaw behaviour is the uncertainty. We have no manufacturer model. However, we do know the materials and rated loadings. How the arrestor hook engages with the jaw will affect the applied impulse and therefore how the hook and jaw behave under stress.
Taking account of those factors I added a margin of safety and stress-tested the computer simulations with different versions of the impulse dynamics on jaw failure.
That should account for the uncertainty related to the lack of an engineering model.
The sea state is something you can observe but the motions are of course subject to extremes. In all modelled sea states, up to the planned program limit, it was okay.
He said: Thankyou for being direct with me about your assumptions.
He flew. The program was a success and the equipment fielded.
We are automating more and more systems today. Code quality and engineering fidelity, plus attention to risk factors are more important. Doing a good job now is harder.
However, a good job, the best job possible, is the only job worth doing.
I saw this first working with the Navy but many more times in electronic trading.
Machines do go wild sometimes and it is important to consider worst case scenarios. In my experience, direct contact with those who fly the plane will focus the mind some.
That way it all becomes real. You get what is actually at stake.