Dear Blogspot,
I've lately been thinking about how economists view risk, and how that analysis can help us think about software testing.
Economists refer to risk in a rather ordinary way, such as talking about the risk of getting into a car wreck, the risk of a particular stove causing a fire, the risk of being killed by Dracula, or the risk of your house being flooded. A "risk" then is some unhappy event that we wish to avoid, since we find it in our interests to be happier rather than more unhappy. Risk-mitigation is an economic "good", something we value and pursue.
Economists approach choices in risk-mitigation the same way they approach their analysis of choice regarding any economic good -- subjectively and marginally. Those all-important economic terms mean that each person might have a different tolerance level for risk (the subjective part), and that we weigh each risk-mitigation opportunity according to the cost of obtaining it (marginal cost).
Because of this, economics rarely predicts a zero-risk situation where people are involved. There are many reasons why. The first is a knowledge problem: every possible risk is not instantly obvious. The world is a complex place, and lots of unpredictable things happen. The second reason was alluded to earlier, that some risks are just too costly to eliminate given our subjective preferences. For example, we might worry about the chance of a meteor falling through our ceiling and striking us on the head while we sleep, and calculate that the only way to be completely safe is to live deep in the roots of a tall mountain. The last reason is that the desire for safety from risk is unbounded. For example, if we get ourselves a new robot, and find that it is homicidal, we might worry a lot about being killed and have it reprogrammed with the "Three Laws" to prevent that. Afterwards, however, we might start worrying about it breaking our dishes while trying to clean them, and have its metal hands padded. After that, we might eventually even worry about running into it in the dark and stubbing our toe, and so forth, and so on.
As you might have guessed, this exact same analysis can be applied to flaws in the implementation of a specific software design, commonly called a "bug". A user encountering the effects of a bug is definitely an event that they wish to avoid, and (for various reasons) that we as engineers do not wish to introduce. Software houses typically employ QA to try and discover these flaws before a user finds them, so that they can be fixed. Other mitigation practices, such as Test Driven Development (TDD), unit tests, test automation, and so forth are also used to prevent users from encountering bugs in their software.
However, blogspot, I would argue that pursuing a zero-bug situation is neither wise nor practical, for all the same reasons mentioned previously. Modern software systems are complex interactions of many different systems, and user interactions with software can introduce further uncertainty, making the task of even predicting every possible bug all but impossible. Further, sometimes a bug is just too expensive to fix. You may get a bug that the software is unable to handle data buffers larger than any reasonably available storage devices, which is something no reasonable engineer would fix. On the other hand, we may discover a bug that has a very low impact on the user, and low chance of occurrence, but discover that it will take hundreds of man-hours of engineering to correct it, making such correction too costly to pursue. An example of this might be that your software is vulnerable to a flaw in a specific model of video card that changes the visible shade of red slightly, and that the cost of writing code to detect and work around this hardware flaw isn't worth a slight color difference. Lastly, the desire to be free of bugs is irrationally unbounded. A quickly fixed bug that causes the software to crash on boot-up is an easy call, but eventually one would start worrying about software flaws that occur only when in certain rare hardware environments -- it would never end.
Well, blogspot, that is all I have to say on this subject. As in my other posts, I would encourage my fellow engineers to think about our problems in the same way we actually end up making them: by weighing the costs and the benefits of each choice. Demanding a zero-bug software product may make one seem bold and principled, but is only a way to set oneself up for disappointment, while simultaneously foregoing time that could have been spent on new products or more important improvements to existing ones.
Tuesday, December 18, 2012
Sunday, July 22, 2012
The Law of Comparative Testing
Dear Blogspot,
Two hundred years ago, David Ricardo taught the world about the Law of Comparative Advantage. It states that any two nations, groups, or persons who have differing relative productivity in the production of different goods always benefit from engaging in their most relatively productive activities, and then trading the produce thereof with each other. It is a direct challenge to protectionism on a national scale, and self-sufficiency on a personal one.
This principle applies to the software world rather clearly when one considers the role of Developer and Tester (usually called Quality Assurance or "QA"). To explain both what the Law is, and how it applies to our subject, consider the following example:
Suppose a Developer is capable of producing 10 units of application code every day, or capable of reproducing 9 bugs per day. Suppose further that a Tester is capable of producing 1 unit of application code every day, or capable of reproducing 5 bugs per day. No matter who finds the bug, the Developer will have to produce more code to fix it, but we still generally consider Found bugs to be a good worth pursuing. Now consider all the possible scenarios:
As you can see, the mixture of activities that produces the most code and the most found bugs is number 5, which should also be what any actual developer and tester should intuitively conclude. Note that this is despite the fact that, in the example, the Developer is better at both writing code AND finding bugs! Many would dispute the productivity in finding bugs that I have assigned to my Developer, pointing out that "clear" or "white" box testing is generally inferior to black box, as knowledge of inner-workings can bias the production of test cases. Fair enough, but that would only make the case more stark in favor of testing by Testers.
Another adjustment you might make to the example would be to calculate productivity not by units of time, but by dollar units in costs. Since Software Development is, in the current market, a more scarce skill and in higher demand than Testing, it tends to cost more. If the same test were run using dollar units, the results would lean even heavier towards the employment of Testers for testing in Software Engineering.
So, Blogspot, why would such an obvious argument even need to made? Well, just as protectionism and self-sufficiency arguments crop up all the time in debates about international trade (witness the witless discussion of U.S. Olympic Team uniforms in 2012), they are starting to creep into discussions about methodology in Software Engineering as well. And for the same reasons, these discussions should be nipped in the bud, before it starts to mean less and more expensive software on the market for the rest of us.
Two hundred years ago, David Ricardo taught the world about the Law of Comparative Advantage. It states that any two nations, groups, or persons who have differing relative productivity in the production of different goods always benefit from engaging in their most relatively productive activities, and then trading the produce thereof with each other. It is a direct challenge to protectionism on a national scale, and self-sufficiency on a personal one.
This principle applies to the software world rather clearly when one considers the role of Developer and Tester (usually called Quality Assurance or "QA"). To explain both what the Law is, and how it applies to our subject, consider the following example:
Suppose a Developer is capable of producing 10 units of application code every day, or capable of reproducing 9 bugs per day. Suppose further that a Tester is capable of producing 1 unit of application code every day, or capable of reproducing 5 bugs per day. No matter who finds the bug, the Developer will have to produce more code to fix it, but we still generally consider Found bugs to be a good worth pursuing. Now consider all the possible scenarios:
- The Developer and the Tester only spend their time reproducing bugs:
- 0 units of application code is written, and 14 bugs are found every day (but found in what?).
- The Developer and the Tester only write code:
- 11 units of application code is written, and 0 bugs are reproduced (wheeee!).
- The Developer only reproduces bugs, the Tester only writes code:
- 1 unit of code is written, 9 bugs are reproduced. (That is the safest program never released!)
- The Developer and the Tester write code half the time, and find bugs half the time:
- 5.5 units of code written, 7 bugs found. (Serious context switching going on here)
- The Developer writes code full time, the Tester finds bugs full time:
- 10 units of application code is written, 5 bugs are found and reproduced.
- The Developer writes code and tests half the time, while the Tester tests full time:
- 5 units of code written, 9.5 bugs found.
As you can see, the mixture of activities that produces the most code and the most found bugs is number 5, which should also be what any actual developer and tester should intuitively conclude. Note that this is despite the fact that, in the example, the Developer is better at both writing code AND finding bugs! Many would dispute the productivity in finding bugs that I have assigned to my Developer, pointing out that "clear" or "white" box testing is generally inferior to black box, as knowledge of inner-workings can bias the production of test cases. Fair enough, but that would only make the case more stark in favor of testing by Testers.
Another adjustment you might make to the example would be to calculate productivity not by units of time, but by dollar units in costs. Since Software Development is, in the current market, a more scarce skill and in higher demand than Testing, it tends to cost more. If the same test were run using dollar units, the results would lean even heavier towards the employment of Testers for testing in Software Engineering.
So, Blogspot, why would such an obvious argument even need to made? Well, just as protectionism and self-sufficiency arguments crop up all the time in debates about international trade (witness the witless discussion of U.S. Olympic Team uniforms in 2012), they are starting to creep into discussions about methodology in Software Engineering as well. And for the same reasons, these discussions should be nipped in the bud, before it starts to mean less and more expensive software on the market for the rest of us.
Thursday, April 12, 2012
The Political Economy of Software
Dear Blogspot,
In the parlance of economics, "Rent" is defined as money one makes on some product or service above and beyond the cost of producing it. Importantly, it refers to money one makes on something that is not destroyed during consumption, and where true ownership does not change hands, so that, having rented it to one person, it can be rented again. It seems to me Blogspot, that software is clearly an area where the money is clearly made through rents.
In subscription based software services, this point is pretty clear. A consumer pays a periodic cost for access to the software, the value of which disappears after the service contract ends. Traditional software also fits this bill. Since the marginal production cost of producing the next unit of software is zero, the software per-se can be thought of as a single good. From this perspective, we see that once "sold" to one person, an identical unit can be "sold again". The important thing, however, is that, at some point, the money made on marginal units is over and above the production cost, which makes it "rent".
But how does this affect the political economy of software production houses? Suppose a software company endeavors to produce one product, without any updates (yes, no place would do that, due to the increased sales and rents that come with making the update, but stay with me anyway). During production of that software product, the productivity of the designers, developers, QA, etc. is vital. They and their knowledge constitute the true capital of the company, and embody its value in future sales. Once the product is released, however, this productivity and knowledge offer diminishing returns. In a perfectly fluid market where every employee makes their local marginal utility at all times, salaries of these workers would drop, and some, perhaps all, would be laid off. In fact, were it not for the fact that knowledge gained during development constitutes important capital going into an update release, we could imagine the entire development profession being made up of temporary contractors.
Given our example, however, after release, the software house almost immediately becomes a building full of rent-seekers. Developers would immediately change their goals from productive software outcomes to that of convincing the owner that he or she warrants a cut of the continued sales of the program they produced (for which time they've already been paid). This is pure politics and shenanigans.
Now, stepping outside the thought experiment back into the real world, Blogspot, my point becomes this: Even if software houses DO plan updates, or DO offer subscription services, to what degree do these phenomenon show up anyway? Just because the marginal value of continued development is not Zero does not mean that it approaches the value of the work done to produce the first release. And to that degree, one would expect more rent-seeking behavior out of developers than before. The difference in expected productivity might change the nature of the behavior from (in the Zero value case) one of complete fantasy to (in the Normal case) one of exaggerated claims. However, the behavior would still be there.
How do those whose salaries are already tied to current and future sales (investors, owners, perhaps upper management) respond to this realization? Do they realize it at all? That I often wonder.
PostScript:
Of all my letters to you Blogspot, this one seemed the most "out there" to me. Well, maybe not .. See page 23 of the leaked Valve employee manual:
The relevant quote is on page 17:
"Valve is not averse to all organizational structure—it crops up in many forms all the time, temporarily. But
problems show up when hierarchy or codified divisions of labor either haven’t been created by the group’s members or when those structures persist for long periods of time. We believe those structures inevitably begin to serve their own needs rather than those of Valve’s customers. The hierarchy will begin to reinforce its own structure by hiring people who fit its shape, adding people to fill subordinate support roles. Its members are also incented to engage in rent-seeking behaviors that take advantage of the power structure rather than focusing on simply delivering value to customers."
PostScript:
Of all my letters to you Blogspot, this one seemed the most "out there" to me. Well, maybe not .. See page 23 of the leaked Valve employee manual:
The relevant quote is on page 17:
"Valve is not averse to all organizational structure—it crops up in many forms all the time, temporarily. But
problems show up when hierarchy or codified divisions of labor either haven’t been created by the group’s members or when those structures persist for long periods of time. We believe those structures inevitably begin to serve their own needs rather than those of Valve’s customers. The hierarchy will begin to reinforce its own structure by hiring people who fit its shape, adding people to fill subordinate support roles. Its members are also incented to engage in rent-seeking behaviors that take advantage of the power structure rather than focusing on simply delivering value to customers."
Subscribe to:
Posts (Atom)