Thursday, August 9, 2012

The Clueless Securities and Exchange Commission

Ellen Ullman explains:
As a former software engineer, I laughed when I read what the Securities and Exchange Commission might be considering in response to the debacle of Knight Capital’s runaway computerized stock trades: forcing companies to fully test their computer systems before deploying coding changes.

That policy may sound sensible, but if you know anything about computers, it is funny on several accounts.

First, it is impossible to fully test any computer system. To think otherwise is to misunderstand what constitutes such a system. It is not a single body of code created entirely by one company. Rather, it is a collection of “modules” plugged into one another. Software modules are purchased from multiple vendors; the programs are proprietary; a purchaser (like Knight Capital) cannot see this code. Each piece of hardware also has its own embedded, inaccessible programming. The resulting system is a tangle of black boxes wired together that communicate through dimly explained “interfaces.” A programmer on one side of an interface can only hope that the programmer on the other side has gotten it right.

Next, there is no such thing as a body of code without bugs. You can test assiduously: first the programmers test, then the quality-assurance engineers; finally you run the old and new systems in parallel to monitor results. But no matter. There is always one more bug. Society may want to put its trust in computers, but it should know the facts: a bug, fix it. Another bug, fix it. The “fix” itself may introduce a new bug. And so on.

So now consider that tangle of modules. The bug in one meets the bug in another, and that one in another ... and the possibility of system failure multiplies exponentially.

Another absurd thing is trying to define a coding change worth fully testing. A completely new system rollout would certainly qualify. How about installing an updated module from one of those software vendors? It depends on the perceived criticality of the component. How about that new network router and its embedded code? Rarely done. What about a tiny bug fix done by a responsible, hardworking programmer at Knight Capital? Good quality-assurance departments would test that. But individual programmers may see a particular change as insignificant. One time I fixed a function by changing “less than” to “less than or equal to.” That “fix” propagated through the system. And down the system came.

This is a pretty obvious case of how the SEC is clueless, but there are many other instances, especially where security regulations are on the books. In many, many cases, the SEC has no clue as to how sharp operators are using regulations to their advantage---and to the detriment of everyone else.

The SEC should be shut down and securities regulations should be thrown into the garbage dump. This would eliminate the moat that protects the big Wall Street firms from new competitors. Wall Street would be a much better, more honest and more interesting place, without the SEC. You would be able to actually pick between thousands of firms, as opposed to being railroaded into dealing with the crooks at Goldman Sachs, JPMorgan Chase and Citigroup.

4 comments:

  1. First of all, I agree totally with Ms. Ullman.

    So...
    The "tangled web" of software modules is EXACTLY equivalent to the "tangled web" of humans in any enterprise.
    So if an employee screws up, do you freak out and call for some act of Congress or worse? No, you fire 'em or retrain or reprimand or whatever, and you go on.

    Bunch of hysterical pansy asses. Fix it and move on.

    BTW I AM a software engineer. And NO, my programs don't have bugs!! ...Uncross toes...

  2. Perhaps, just perhaps - they are not so much clueless as bought and paid for, like the Department of Transportation, the Department of Energy, the Department of Agriculture, the Department of Education, the Department of Defense, etc, etc, etc, and so forth...

  3. I like this one: The SEC should be shut down and securities regulations should be thrown into the garbage dump. This would eliminate the moat that protects the big Wall Street firms from new competitors. Wall Street would be a much better, more honest and more interesting place, without the SEC. You would be able to actually pick between thousands of firms, as opposed to being railroaded into dealing with the crooks at Goldman Sachs, JPMorgan Chase and Citigroup.

  4. The state has already decreed the end of scarcity, time preference, vice, poverty and pestilence. Why would software errors be any different?
