Slashdot Mirror
Linus Says No to 'Specs'
auckland map writes to tell us about an interesting debate that is being featured on KernelTrap. Linus Torvalds raised a few eyebrows (and furrowed even more in confusion) by saying "A 'spec' is close to useless. I have _never_ seen a spec that was both big enough to be useful _and_ accurate. And I have seen _lots_ of total crap work that was based on specs. It's _the_ single worst way to write software, because it by definition means that the software was written to match theory, not reality."
Linus is an engineer/tech. He dislikes theory work because it often gives nothing in practice.
However, specs are not always theory, and they may be usefull, as well as docs. He may be smart enough (or know linux code enough) to not need any doc/spec, but it's not the case of many other people. Some specs are good, and sometimes necessary.
He cited OSI model, well, but I can assure you I won't go in an airplane if it was done with Linus' practices... There are specs in some places that are good, and that are read and followed. Even in non-dangerous domains such as Web standards, specs are necessary, and those who don't follow these specs make crap softwares/browsers!
Moreover, in Linux development model, which is fuzzy and distributed, not directed, defining the software may be vain. However, in a commercial environment, defining the spec is really writing a contract, which protects both the customer and the editor. Specs there defines what the software can and must do, and ensures it will do. Linus obviously lacks of experience in industrial and critical projects. He may be right for the kernel development (however I still doubt it should be so entire on that subject), but he's wrong on many other domains.
IOW, Linus does here a generalization which is at least as wrong as are the examples he cited. As we say : "all generalization are false".
If he finds a bad spec, either it throws it away, or he fixes it. It's the same for technical docs. But he shouldn't tell every specs are useless and bad. That's wrong.
Detailed specs are useless. A broad spec that defines the general features, who the damn users are and what they need to achieve is far from useless. Let the intelligent software developers figure out the details, but don't let them lose sight of the general direction they should be taking.
I heard he had good vision. --(o)~(o)--
something like this, this, this, this... (should i go on?)
var sig = function() { sig(); }
Who was it that said:
In theory, practice and theory are the same. In practice, they are not.
Linus has spoken.
..big _YES_ to underscores.
How are you supposed to write software which interoperates with other people's software without relying on a specification to define the interface? I have read some of the thread and I really can't understand where Linus is coming from here.
Specs are not best for software whose features are to grow with time, and where nobody ones what people want to add more. Specs are best when you have a fixed set of requirements, which you have to meet in order to complete your work.
Still, specs may be useful for example to identify certain aspects of a Linux sub-system. But it may not be desirable to have a full spec defining all the goals of Linux, because these goals are a rapic moving target and therefore steadily changing. Of course, there are some features which are built to stay, but specifying specific features in detail while other objectives are changing or even unknown, is hard and may not give the desired results.
Windows is like decaf - it tastes like the real thing, but it won't get you through the day.
The whole discussion was centered around implementing specs. And the point made by linus was that one should not implement specs literally, not to structure the software as the specs are structured. He did not say the software should not adhere to the interface given by the specs. So the software should work like specified, one should just write the software in a form which makes sense for the larger scope of the software, not one limited to the scope of the specs.
Also having a documentation will keep the leader itself on the correct path and not stray from it's original design.
It is extremely rare that the original design is the correct path.
I believe posters are recognized by their sig. So I made one.
Bill Gates says "Beta testing is for sissies".
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
That's pretty much what it always comes back to with Linus.
If you were blocking sigs, you wouldn't have to read this.
And after three long hard years of implementing a huge amount of code as per specifications, finally wrapping things up and looking to moving on to bigger and better things... they go and change the specs! Arrraggg!!
Who is this Linus guy anyway? I bet he's never managed a software project of any complexity.
Personally I've found specs to be incredibly useful. I'm currently developing a middleware project that takes a complex search pattern and applies it to a streams of delimited character objects and while our team of 40 software software engineers has yet to actually start developing we've produced a fantastic spec that will greatly simplify coding it.
I suspect we'll have this general regular expression parser up in running in less than 80 man years of effort thanks to our full and detailed specs.
US Citizen living abroad? Register to vote!
Linus does code to specs: the kernel is intended to comply with all sorts of formal and informal specs, and its developers pay attention.
What is missing is people writing and committing to specs for some important kernel internal interfaces and functionality. This attitude goes hand in hand, of course, with the lack of stable internal interfaces within the Linux kernel and is one of the major reasons why the kernel source has bloated to such a humungous size and why every kernel release needs to include all the accumulated garbage of the past decade. If internal kernel interfaces were specified and committed to for each major version, then driver and module development could be separated from the rest of the kernel.
Of course, Linus is right in one area: most specs are useless. There are two primary reasons for that. Either, the spec is poorly written; there are lots of those. Or, the spec describes a bad design; there are many more of those. Many of the original UNIX design documents were exemplary specs: they told you concisely what you could and could not rely on. On the other hand, many recent standards (like HTML or SOAP) are examples of well-written specs that are bad specs because the underlying designs suck. But the fact that many specs are bad doesn't mean that it is inevitable that the Linux specs would be bad; that only depends on Linus.
At a conservative estimate, I've pissed away half of my lifetime development effort dealing with instances where the documentation of an OS, APIs or SDKs doesn't match the actual behaviour. Every time I get sandbagged with that, I wish I could just read the damn source and see what's really going on.
Linus is quite right that a spec can be useful as a descriptive abstraction, but not as an absolute or proscriptive definition. When you're sitting there at the keyboard and hit a point where the behaviour differs from the spec, it doesn't matter why the spec is wrong, just that it is. Red pen it and move on.
If you were blocking sigs, you wouldn't have to read this.
If nothing else comments like this are ammunition for the people who dislike / want to crush Linux (and OSS in general). While I know from experience that the kernel is a quality piece of software and highly reliable if I was new to Linux and considering moving my company over to it comments like this would scare me. It's not that a spec necessarly improves the quality of the software it just improves confidence that the people writting it have a clue about what they hope to acheive.
I, too, didn't believe in writting specs when I was in college. Most of the projects I worked on were either loner affairs or the group was very small so communication was good. When I got into the commercial world though it was a very different ball game. After working on a couple of projects that failed horribly because half the team was confused about what it was supposed to be doing I realized that a spec is a very useful tool.
In my experience the better developers didn't need the spec as much as the poorer developers. The good developers almost understood without words what the other good developers would do in a given situation. The problem was no one could predict what the poorer developers would do in a given situation. This led to large chunks of the system not working / intergrating properly (I freely admit there were other serious management problems on these projecs as well) and needing huge amounts of resources to bring them back on track.
Later projects where there was a spec (even quite an informal spec) produced a better system in less time with fewer resources. I know this sounds like the same old pap that is dished up to every CS student but it really does work on non-trivial projects.
I certainly believe that the spec can be taken to far though. I have seen some projects never even get off the ground for the want of a quick hacked together bit of proof of concept code. The secret is in hitting that fine line between anarchy and unanarchy (there is no good single word antonym for anarchy so I propose unanarchy).
Perhaps the kernel only has uber leet hackers working on it. Somehow I doubt that though.
I used to have a better sig but it broke.
Specification documents are the only thing in the company I work for that stops customers asking for functionality in the 11th hour of development, claiming that "they always meant that it would have that" or "I thought I mentioned that at the first meeting".
As companies go the one I work for is pretty lax with documentation, but they are very careful that all customer requirements are listed iteratively, and - more importantly - signed off on.
I have been in situations at work where for whatever reason a specification hasn't been drawn up for a customer; its either been left to informal emails or in the worst cases word-of-mouth/notes written in an initial meeting. In my experience these often end up running on past their deadline as the customer requests more and more esoteric functionality, or design and presentation tweaks that covertly require additional functionality, etc.
As a rule of thumb as a die-hard programmer I hate documentation, particularly detailed technical specifications which constrict my creativity. That said, where it is necessary I absolutely see the need for it - how else can you constrain the customer to what they originally asked for?
I once worked on a Standards-writing subcommittee, and ended up being the editor of a proposed standard. I was new to the process at the time. I took the work that was done and completely re-wrote it, from the ground up, according to the published guidelines of the Telecommunications Industry Association (TIA). I then presented my work to the subcommittee.
"It's too clear. People might actually understand it." I argued that because it was a specification for testing, it should be clear. Yes, I won the argument, but at what cost?
Over the next few years I watched as more standards were created, edited, published, submitted to the ITU, and eventually turned into Recommendations. When I asked, "what does this section REALLY try to say?" I was told that in order to understand that section I needed to know another piece of the puzzle that wasn't spelled out but was "understood" by "practitioners of the art." In other words, the specification was incomplete...but not according to the rules. I asked why. The answer I got boiled down to one thing: you can't implement the specification without the "stories around the campfire" behind them.
Put starkly, you can't play unless you join the club.
Now, in reality, people have taken these less-than-complete specifications and actually made products with them, products that successfully interoperated with those implemented by members of the club. The development time, however, was extended by the need to discover the missing pieces on one's own, or to buy the missing pieces.
Then there was the story of what eventually became V.80, which I discussed in a Slashdot interview. That particular standard proposal was so bad that I had to vote "no". Again, I ended up rewriting the entire thing so it made sense, and in addition covered not only the corner cases but also future extensions and vendor extensions. It took DAYS to prove that the two versions said technically the same thing (within limits). You could code to mine; the other was almost impossible and "open to interpretation."
Most specifications (or Standards) are written by partisan participants. It's to their best interests to write these things so that outsiders can't understand them -- be it commercial gain or personal ego. Good spec writing is HARD, and not for beginners. It takes work. It rarely pays anything to write a good specification, especially if the writer views it as a pro-forma task. Just as programmers from several decades ago viewed flow-charting as a useless task.
Just as people are starting to view Open Source not as a way to lose money but as a way to gain money, perhaps the partisans will see that writing clear, understandable, WORKABLE specifications is in their better interest....or not.
Given the current state of the art, though, I would tend to agree completely with Linus that specifications, and Standards, that don't provably track with reality deserve not "no", but "HELL NO!"
But for any type of commercial undertaking, specs are an essential part of the development process.
Without a spec you won't know what you're being asked to build, or will find it difficult to get customer agreement that what you're delivering meets their need.
Without a spec you can't estimate, and without accurate estimates you can't insure that you're properly getting paid.
A message from our sponsor
There's a wonderful bit about specs from Jason Fried here. Pretty similar in viewpoint, I think.
I'd say that there are good specs as well. A few examples:
POSIX standardizes programming interfaces for operating systems. It allows easy portability of applications between operating systems, and it's very successful at that. Although non-compliant operating systems (such an Windows) and non-compliant applications (many applications written for the GNU system, and any application that uses functionality not standardized by POSIX) cloud the picture somewhat, POSIX has worked wonders for application portability.
Common Lisp is a standardization of features found in Lisp systems. It mixed and matched parts from various more or less specialized Lisp systems, and built a generic programming language that is still widely regarded as the best programming language by those who know it. The fact that the language is standardized to a great extent allows code to be easily ported from one implementation to another.
R5RS is the current state of the standardization effort for the programming language Scheme. Contrary to POSIX and Common Lisp, it aims to standardize not as much as possible, but rather a small common core which can then be extended. This makes Scheme a very useful object for programming language research.
Comparing these specifications to the alternative of having no specification, I'd have to say they provide definitive advantages. Without POSIX, we'd still be stuck with operating systems having APIs different enough that it might be easier to rewrite applications for each OS, rather than maintain a single codebase with a few platfrom-specifics here and there. Language specifications like Common Lisp and R5RS have enabled a whole slew of implementations, each filling a specific niche, where other languages are often stuck with one implementation, and perhaps a few not-quite-compatible alternatives; and if you want a different niche, you'll have to use a different language.
Please correct me if I got my facts wrong.
Its an idiot who says a spec is useless. Perhaps a 400 page IBM corporate spec on a filesystem is useless, but 20-40page specs are not.
/* comments, so its damn easier to read and visually see, 100% ascii blows
Hashing out a spec at least shows you what can be possible and what cannot, and while doing it, you may
see possibilities of new features or addons and also you might realise that feature X will take damn ages.
It also shows you that feature Z might ruin your whole design or be nothing more than a timewasting experiment.
There are different levels of spec design, but im not saying, go make it ultra low level. Jeez Linus, even doing a rough
diagram of a gui or this process does step 1 thru 12. At least the other developers on the team can see what in hell
your are going to make. Not just some 1 liner, "we're gona make a kick-ass 64bit indexed image engine/database"
How about a 200 thread level async dns resolver? Oh yeah all in your head Linus.
Heres my product spec for a better IDE in 1 line.
Support basic html inside
man. Even support IMG tags so your can BUILD in documentation thats usefull in your source.
High level specs, yes, lowlevel specs that are 5x larger than source codes, NO.
Liberty freedom are no1, not dicks in suits.
Joel Spolsky certainly disagrees. And not just in theory.
Predictable code is good code. You want your code to do x when y happens, and everyone who relies on your code should know what to expect from your code under every circumstance. Kernels are supposed to be boring.
Specs may suck in some cases; if they do, they're badly written. It's an indictment of the person who wrote that spec, not the concept of specs in general. When I call a function, I expect it to do exactly what its documentation says, and it should comply with the documentation exactly.
I shouldn't have to read the code just to use it. That defeats the entire purpose of segmenting things out into separate pieces. You might as well be using gotos to write your spaghetti code.
Remember, there were no nuclear weapons before women were allowed to vote.
Maybe "what works" is the best approach, especially for an open-ended project like Linux.
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
A spec should be used to write the acceptance tests for the application (and indeed a lot of the unit tests). Documents just sit there and don't tell you when something's wrong - repeatable tests do.
A specificiation should specify how a program behaves to the external world, not how it should be implemented.
So I think I kind of agree with Linus.
I'd hoped that Linus was refering to "SPECmarks" et al as a bad basis for writing a kernel, but specifications are way off base as being a bad idea for any area of software let alone a kernel.
Sure BAD specifications are a bad idea, but so is bad code.
Its also not true to say that a specification can't be detailed and accurate and then implemented directly, IPv4 is a pretty clear specification that I'd be worried if the kernel writers had ignored when they wrote their IP stack.
I too have seen dreadful code written directly from specifications, normally because there was no design, but I've seen much worse code written from the basis of "I think this therefore it must be right".
I'm normally a big fan of Linus, but given that many of the major areas of Linux and Open Software are written against specifications (X, Samba, IPv4, 802.11x, BIOS etc etc) its hard to see where Linus is coming from. If two organisations or technologies want to communicate they need an agreed standard and specification on the inter-operation. Any other approach is just lobbing packets and hoping for the best.
An Eye for an Eye will make the whole world blind - Gandhi
To a certain extent, specs define the parameters around communication. That's why interoperability works: conform with the spec and you can communicate... except when you can't because the spec was built but never implemented, and the spec designers introduced bugs that they would have caught if they'd tried to implement it. Or maybe the spec designers had a specific idea of how things were going to be and didn't anticipate a particular application and it's needs.
If you accept the premise that specs enable communication, I would ask you this: where is the spec for English? And wherein does it describe things like "fo-shizzle" and "off the hizzle"? Or any other dynamic aspect of language that shows up everywhere in the world. Many people communicate without having a written spec for how that communication is going to work. More over, "fo-shizzle" (et al) is well understood by many people outside of the culture that created it despite it's never having been incorporated into an English language spec. Defining a spec for English is really pointless. The language changes and develops for the specific needs of the people using it.
It strikes me that the same is true with technology specs. If you don't define them, people will make incremental improvements to stuff without having to worry about hearing, "Hey! That's out of spec!" Put another way, specs are the antithesis of incremental change by individuals who need those changes. Specs are cathedral, not bazaar.
Are there spec success stories? Sure: IP. On the other hand how long have we been trying to get greater acceptance of IP6? And why do we want IP6 at all? Because no one is willing to incrementally change IP4.
Put another way: specs are a form of governance. They're the central group saying "thou shalt". That's fine if (and only if) that central group knows every possible implication of every decision that they make. Linus seems to be trying to avoid that. He seems to have faith that a diverse group of people will do a better job of figuring out what works best over time than he alone, or this particular set of kernel devs, could devise today.
Of course, I could be wrong.
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
"software was written to match theory, not reality"
That was very blinkered and unfortunate statement by Linus. While he portrays himself as a "practical engineer", the truth is that he is not flying the flag of professional engineering, but supporting some kind of ill-conceived ideal of ad hoc amateurism.
The world of computing is in crisis. After 40 years of 'pro' development, computing is still a human-driven craft instead of the extremely precise arm of engineering that it could so easily have become through its well-defined subject matter.
While Linus has contributed immensely to the world by delivering a wonderful engineering tool as well as a great end-user product, he is also extending the software crisis through unfortunate remarks like that one. The "reality" which he so seems to praise is THE PROBLEM in software engineering, and not something to be endorsed or supported.
If the world continued along Linus's desired path of "reality" vs theory, the current mess will know no end, and the metaphorical bridges of computer science will still be falling down in the year 3,000.
Mankind's future in computing must build on immoveable foundations of theory and logic if it is to progress into a realm where machines of IQs in the millions work at our behest. Advocating some sort of ad hoc "practical" computing barbarism is very short-sighted, dangerous, and regressive.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
The open source BSD distributions have a reputation for being better on the back end then gnu/linux ( I honestly do not know if that is true or not ).
What do they do? Do they design what they are going to do and use specs before they do it?
Do they have a single person who calls the shots on how their kernel is done?
From one of my past lives, when I designed computer systems in automobiles, before my current stint as a grad student, I can describe how we used specs. Some of our business folks who had some basic training as engineers would get together with our customers folks who had basic engineer training, and hammer our a 100+ page spec document covering everything from basic operating precepts to acceptable failure modes. They would use this document as a means of discussing what they thought they wanted to buy, and what we thought we could supply for them, and then determine a cost from this proposed spec.
After enough words had been passed back and forth, both sides would agree on a version of the spec, money would be passed around, and hardware design engineers and software engineers from all over the world would get to work. At this point, the spec would be skimmed, people would get a rough idea of what everyone wanted, and a couple hundred of the first prototype version would be cobbled together.
Testers and verification people on both sides of the fence would look at this thing, first against the spec and make sure it included everything that was talked about, and then in the system to make sure that it would work they way they needed it to. This is the closest that the design ever got to the spec. After this point, everyone would start noticing places where the spec was either too rigid to be followed cost-effectively, or just plain wrong for our customer. Since rewriting a spec is a ton of work, it never got done, and in the end was just a basis for verification folks to look at the design and complain that it didn't work they way that they thought it should. I guess someone should have included them in the "cool peoples idea passing club", but, neah.
This article isn't about a general comment as to how software should be written; it's about implementing protocols. And protocols have to be defined by specifications -- you can't simply have some vague spec that says "it should do approximately this"; you have to precisely define the language of the protocol so that everyone knows what they are implementing.
That being said, Ted Ts'o makes the most important comment in the discussion: This is the reason for the IETF Maxim --- be conservative in what you send, liberal in what you will accept. In other words, when your code talks over the protocol, be minimalist and adhere strictly to the spec; but if you can implement your code in such a way that it is tolerant of small variances (e.g. combinations of commands which make sense but are not allowed by a strict interpretation of the protocol spec) and can do it safely, then you should. This is the approach I've always taken, and having done things like implement a major printer vendor's IPP server, I have found this approach makes interoperability and compatibiltiy a lot easier and less painful to achieve.
So at least from that standpoint, I think I can see what Linus is trying to say; at any rate I agree that strictly adhering to a spec simply for reasons of mathematical correctness is not always the most productive route.
There are different types of specs. Big, formal ones, done in a vacuum, and less rigid ones. I'm a big believer in properly defining "interfaces" between different chunks of code or modules, and effectively, that's a spec. Again, I'm sure Linus uses defined interfaces all the time.
Linus codes to specs every day; the Unix/Posix API was a useful one, certainly; he didn't just go inventing his own system calls, he used standards.
I can understand why he wouldn't want to be arbitrarily constrained in kernel development by being restricted by a spec. But perhaps if he applied a bit more of this, I wouldn't have a __foo_bar_blat when compiling and loading a module with a new kernel. (And after digging, finding out that the kernel system call is no longer present. Arrrrgh!!!) This, IMHO, is one of Linux's biggest weaknesses.
Love many, trust a few, do harm to none.
I have been working with specs-driven projects for the most part of my professional career, and I can tell you that Linus has a point.
If specs were 100% accurate, then there would not be a need to write the code, because the specs could be automatically translated to code (we are talking about 100% accuracy here, not 99.999999%). But specs can realistically never be 100% accurate...it is the missing part from the specs that causes headaches.
For example, I have worked in a project that required conversions between coordinate systems: UTM to geodetic, geodetic to local cartesian, local cartesian to target, etc. The user expected to edit UTM coordinates in the GUI, but the specs for UTM coordinates where never mentioned in the Software Requirements Specification. So we searched the internet, found out what 'UTM' is, and coded the relevant functions.
You know what? the specs talked about UTM coordinates, but they actually meant MGRS! UTM means 'universal transverse mercator' whereas MGRS means 'military grid reference system'. Although the concept between the systems is the same (the Earth's surface is divided into rectangular blocks), the two systems have different calculations.
When we released the application to our customer, they freaked out seeing UTM coordinates, and of course they refused to pay. Then we pointed out that the specs talked about UTM coordinates, and they (thank God) admitted their mistake, paid us, and gave us time to change the application from UTM to MGRS.
But the application has never been correct 100% (from that point on) until recently handling MGRS coordinates, because it was very difficult to successfully change something so fundamental and yet so missing from the specs(we are talking about 160,000 lines of C++ code).
Do you want another example? in the same application, the program should display a DTED (digital terrain elevation data) file, i.e. a map created out of a file of elevation data. The specs did not say anything about the map display respecting the carvature of Earth. So we went out and implemented a flat model, where each pixel on the screen was converted linearly to a X, Y coordinate on the map.
Guess what? they meant the map display to be 'curved', i.e. respect the Earth's carvature. The specs did not say anything, until the application was connected to another application that produced the video image of the battlefield using OpenGL (and of course, since it was to be in 3d, the presented map was 'curved').
The result is that the application still has some issues regarding coordinate conversions.
After all these (and many more...) I am not surprised at all that some certain space agency's probe failed to reach Mars because of one team using the metric system and the other team using the imperial system. Even for NASA that they write tons of spec and they double- and triple- check them using internal and external peer review, specs were useless at the end.
So Linus has a point...
The root word of "spec" is "speculation".
No. Spec is short for specification, and has nothing to do with speculation, other than that one aims to identify something distinctly, one type of seeing, and the other entails a flight of fancy, another type of seeing.
Please don't present your own mistaken speculations as facts.
Yours Sincerely, Michael.
I can see where Linus is coming from; on the other hand, I can see where the statement is fundamentally flawed. The best example I can give is a 3D engine. I have worked on an OpenGL engine for almost 4 years now, and certain aspects of the engine development (namely shader architecture) were purposely left without a formal 'spec'. 3D Hardware changes more rapidly than one can build a 3D engine from scratch. If the entire engine followed a 'spec' from day one, it would be obsolete by the time it were finished. If you had asked someone four years ago what NVIDIA and ATI would be working on right now, they could never guess that vertex and pixel shaders were beginning to merge (both on the hardware (shared pipelines) and in functionality (pixel shaders have front/back face information and vertex shaders can perform texture lookups)). They could have made assumptions that caused them to code themselves into a wall so to speak and which prevents them from ever utilizing the features of Shader Model 3.0.
On the other hand, there are other teams who work on gameplay and network development. For the most part the network developers can develop a 'spec' and reasonably follow it. The gameplay mechanics follow a constantly revised 'spec', and probably the only one the consumers who play the game are ever familiar with. In this aspect of development, a 'spec' is _required_ to complete the project in a reasonable timeframe.
You could at least have posted non-anonymously
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
CS may look like engineering, but IMHO it is closer to math because of one simple fact; engineering (partly) has to do with unpredictable variables such as wear-and-tear and environmental influences. In CS, everything boils down to simple boolean mathematics (the microprocessors) thus everything is predictable given sufficient time to calculate.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Having said that I don't think CS is a science.
... check. Political science ... check. Domestic science ... check. Social science ... check. Rocket science ... er, damn.
Yes, any subject with 'Science' in the title isn't. I forget where I heard it, but it is a useful rule of thumb.
Computer science
-- Nick "Hallo this is Beel Gates, und I pronounce weendows as
Each kind of spec has its correct use. Some (like the Pirate's Code) are more like guidelines than hard and fast rules. The rules for a Sonnet or Haiku or Limeric are quite strict, but leave a tremendous amount of latitude to produce different results. Write what you want, but if you don't follow the spec for a Sonnet, its not a Sonnet. Objective, testable specs are essential for any enterprise application to work. Very often, in such an environment, the programmers for different parts of the enterprise may never meet or even know each other's names. The spec is what binds the application together.
That's because Linus is talking about hardware specs. His view is that it's better to trust reality (how the device actually behaves) than a spec (how it's documented to behave). And he's right about that.
Outside the world of OS kernels there are many software projects where the 'reality' is much more changeable, much less solid. Reality in the case of a Purchasing application or your KDE/Gnome desktop applet or the latest FPS game is likely to be a case of 'what the customer/user wants'. That's something you really need to pin down. Doesn't mean it can't change but it needs to be clearly defined.
Specs are good for propping up initial work, but they go all-to-hell quickly when projects near milestones or late completion dates. Also the mcdonalds-mentality of "hurry up with my order, I want it yesterday" that the customer always wants does not afford a lot of time to follow a regimented procedure to the tee. I've watched people (myself included) spend an assload of time writing code to follow an exact process only to constantly be late, or go crazy trying to make dates.
Programming is a creative form, no question about it. When you try and corral people's creativity into a one-size-fits-all nutshell of procedures, you are strangling possibly the largest asset they could offer you.
I encourage people to make their code readable and use comments that serve a purpose.
That's about it.
Join the Slashcott! Feb 10 thru Feb 17!
I think there's a lot of confusion over the word "specs". That can mean a few things for software:
:) It shouldn't be too complicated, but the purpose of these kind of "specs" are often mis-interpreted by "pure analysists", what in some cases ends up in a way to detailed almost pseudocode alike book. This is BAD, by theory leaves no room for interpretation, but in practice it does. The person who wrote this could have written the code instead - and would have found all contradictions, errors, and would have been faced with all practical problems his "point of view" suffers from.
:) Basicly these are nothing more than a written down version of good and clear agreements. If reality changes - these should be changed, never the other way around, but which happens way too much.
:P)
:p
1) What the program should and shouldn't do. These can be "demands" from the customer. Should be non-technical, not too detailed - but should be clear. If the customer has specific I/O demands, this should refer to other documents for this, don't mix these things.
2) Internal software analisys. Should describe the internal main blocks, in most software companies I've worked, this is done on a blackboard with all important dev's there brainstorming about a project. If it gets really complicated someone might be victimized of putting that on paper
Sadly enough - these kind of specs (in general) usually end up way too detailed. Programmers always have their "speciality" if they are left with some freedom. Let them do their own thinking give them an "IO spec" for their part - and let them do their job. At least that's what I do, I don't want code-monkeys in my team - I want individual coders who actually understand what the hell is going on. Too bad they're becoming harder and harder to find. I blame Visual Basic *grin*
3) An I/O or interface spec. What goes in and what goes out, described in what form, as short as possible, with flexibility so someone can easily add a proposal/extention to it. These are not easy to make, but luckily I work in a competitive team that understands software writing
These are 3 completely separate things. All 3 need to be done more or less for major projects, some can be left out. Mixing these should be avoided as much as possible. The first 2 I consider to be "software specs", the last-one is something completely different and I see a lot of people here confusing these. HTTP, TCP/IP, HTML, XML, XHTML, RSS and even POSIX aren't software specs, these are standardized I/O / interface specs. Such specs are in general a good thing, they describe how something should be used, so multiple programs can "communicate" with each other using the same interface.
As far as I've seen, writing software to specs is an utopia. The worst specs usually are specs written to an existing program. It's fine as "documentation" and shouldn't be used for anything else, certainly not for writing a new version. Writing detailed specs after a project is finished (well - as far as that's possible) usually has little point. Writing documentation on the other hand has a point, but this is widely regarded as a boring unimportant job (and I can't blame anybody who does
Anyway - what I suspect that Linus means is a mixture of these 3 - a mess which mixes everything in a way to detailed form. Most specs that are written are plain wrong, bad, and mix too many things. Most of the software specs are written by people who think they know everything. Nobody does.. except me offcourse
My experience getting into the kernel was usually motivated by trying to write user space programs. I finally learned what people meant when they say Linux isn't well documented.
I could care less whether there's a spec, but if I'm going to use an API, I have to know what it does. The ALSA (advanced Linux sound architecture) is absolutely the worst. The documentation is full of entries that have the form:
Now the thing I don't understand is this. If you went out to write a really big and important piece of software, wouldn't you want people to use it? What's the point of an undocumented API? It makes no sense whatsoever. You either want someone to use it, and you tell them how, or you make the methods private (i.e. not part of the API)?
Rant over.
We wrote the Open Graphics Project spec not based on purely abstract theory but based on the experiences and needs of the community. Purely for the sake of survival, I made it clear that there should be nothing in the design which could not be justified by common needs. Based on that, we developed a SPEC.
Maybe Linus is having a language-barrier problem, but a spec is just a description of something, albeit somewhat formalized. That means you could write a spec retroactively. We could write a spec for the Linux kernel as it is right now. If we were to do that, would Linus abandon Linux? It wouldn't be THAT hard to make it accurate.
Frankly, I can't write anything without SOME sort of spec. Often, those specs are contained completely within my brain, but I nevertheless must develop a coherent concept of what it is I'm going to build and what its pieces are. When I write a document, I often start out with some sort of outline. And when I write code, I have to decompose it into functions.
If a spec is any coherent description of something you make, then Linus uses specs all the time, and he's just blowing smoke out his ass.
He's complaining about specs because they're usually done badly. JUST ABOUT EVERYTHING IS USUALLY DONE BADLY. Should we say that all operating systems are bad just because Windows sucks? Should we say all cars are bad just because the Ford Taurus is designed to last only 5 years? Should we do away with TV just because of shows like "Two guys, a girl, and a pizza shop" or "Survivor"?
Linus is forgetting that Linux is based on specs, Honda makes reliable cars, and Star Gate SG1 is on on SOME channel just about all day.
To the earlier poster who compared writing code to airplane design. basically remember that airplane dynamics and stresses and struture is dictated on by a series of "specs" that were worked out by trail and error. When they found something they do not understand you typically see the wonderful "constant" which goes like first yo multiply this form by the factor of the weight and airpraesure and then forget all that and multiply by the this and magiccaly you are now in Oz. (honestly when I took calc II years ago my professor did that I said "huh" and got back a "trust me" response. (real good for a scientific understanding-no explanation-just trust me)
In truth building software to specs is almost worse than useless. design to Interfaces(YES), but when making interop software you cannot and should not rely on how another piece does its calcs just that it does its part and spits out a response (or does its part) if it returns a structure you should use the proper accessors to read the structures data as structures change from iteration to iteration. Linus is correct in that specs are wrong in fact after a few more iterative releases they usually are out of sync and cause more problems than they could have ever fixed. If programming was like an engineering project where we had a base set to use (dynamics of metals and properties of power systems) then great specs would be good, but in truth when getting past base libs we have very little of a solid unchanging base to base a spec on. hence why computer programming is less science and more "art of"
Bertrand Russel tried to put mathematics on an immovable foundation of theory and logic, sadly it turned out to be impossible.
I don't think that you got very far with Bertrand Russell.
The higher-order issues he identified caused just a temporary hiccup in the development of logic. While undoubtedly fundamental, that problem paraphrases best as "There are hidden depths to this", rather than as "All is lost".
Godel applies, as always. You don't apply a theory outside of its domain of discourse, not if you know what you're doing anyway.
Russell showed that the domain of logic gets tangled if you use it to think about itself. Well (with hindsight) that is no surprise at all. The expert logician recognizes the necessary boundary, and virtualizes the outer domain before it can be handled by the inner domain logic.
Russell is doing just fine, thank you. Almost the entirety of mankind's technological world is founded on the logic which you describe as "impossible".
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
This is obviously the rant of a person who has never programmed for an actual client (a human one). 99% of the time a spec is the understanding between the user and the provider, whoever they are. So yes, Torvalds is right that they are mainly for talking about software, but unless you are writing your own operating system on your free time, you have to be able to talk about it or you will implement something other than what the client thought they paid you for, and then they get sour. Specifications are about understanding and communication, when not the whole universe is inside one person's head.
Moreover, Torvalds doesn't really seem to know what science is. There just is no criterion that a scientific theory has "no holes." It doesn't work that way.
From what I read, it seemed like people were trying to get him to soften his stance on that, and he seemed pretty adamant that he hates specs in any form or fashion.
Of course, it's easy to do that when you're Linus Torvalds, and whatever you say/do is the de facto standard without the need to write a spec. He's basically a walking spec. However, I'd invite him to consider what would happen if all the peons adopted his theory. Nothing would interoperate with anything else.
The only thing I can think of is that he defines a spec as something that is inherently written once, before implementation begins, and is strictly adhered to no matter what. However, I don't think any sane person would agree with that definition, I can't imagine that's what the other people in the thread meant by the word "spec," and I can't believe he'd imagine anyone else defending such a process in the first place. So I do believe that Linus is being a bully again.
If specs were 100% accurate, then there would not be a need to write the code, because the specs could be automatically translated to code (we are talking about 100% accuracy here, not 99.999999%).
This is not true in general. It's quite straightforward to spec out a program that solves the Halting Problem, for example, but rather harder to code one. And there are issues to do with optimization and so forth that would not appear in a specification.
Nonetheless, there's a great deal of truth in what you say - for most real-world programs, a 100% complete formal specification of what they had to do would not be much shorter than the program itself. This is why agile development methodologies make sense.
Xenu loves you!
The OSI layer was (and, for the most part, still is) a pre-code spec. Most successful specs, in particular IETF specs such as the TCP/IP suite, are *post code* specs; they were written after or concurrent with code that implements the spec (this is an IETF requirement).
Specs written before coding commit software development projects to a higher degree of complexity in a single stage of software development (specification). This additional complexity results in an increased risk of software defects in that stage and in later stages, and, independently, increased costs to implement and maintain the software.
Simplicity rules software development. Software projects succeed or fail exactly because they do or do not prioritize simplicity first. Humans are cognitively mal-adapted for comprehending non-simple systems. Exploring the spec formally (by coding it) helps humans understand complex systems. Specs are not bad, so long as that spec is code.
These are some of the tenets of Agile software development.
"Rules are there to make you think before you break them."
Simple expertise is knowing the right thing to do. When you go beyond that to knowing when its the right time to do the wrong thing, then you have mastery. So, when somebody who has years of mastery of a craft says, "the rules are crap" it has a different truth level than when somebody who's merely competent. The difference is the way the right thing to do is backed by unspoken, unarticulated working knowledge in one case, and mere bravado on the other. I can do basic carpentry, but the difference between me and a master cabinetmaker when building a book case is that I have to keep referring to my plans, whereas the cabinetmaker, while he may have plans, operates more unencumbered by them, moving quickly and confidently because he's internalized longer sequences of operations, until he can see the whole construction process in his mind's eye. When I don't worry much about my plans, I end up with a dado on the wrong side of a plank.
Being "against specifications" of course is stupid. But Linus is in an unique position to be a bit cavalier, isn't he? Specifications do two things. First, they tell you what needs to get done. Second, they communicate this between parties, say the specifier and implementor, the customer and contracter, the builder of tab-a and the constructer of slot-b. But Linux is, if I understand this, a pretty conservative implementation of an existing model, where innovation where it occurs is fairly contained and focused areas. And as far as Linus and the Linux kernel is concerned, L'etat c'est moi. He may well have managed all these years keeping what needs to be done in his head, and the result could still have more coherence than the product of a well coordinated committee.
The other thing to keep in mind is you can't trust everything anybody says is categorically so, even when that person is perfectly honest and sincere. The simple reason for this that mosts truths have an element of fuzziness in them. In limited circumstances it is sometimes necessary to hold what is, in general more false than true, but in this case more true than false. Wisdom is knowing when and how much to doubt what you believe, or believe what you doubt.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
(1) Copying the engineering profession does not mean that suddenly all the problems associated with software will disappear. Engineering systems are frequently late and over-budget. I can name a few hi-profile examples: the Millennium Dome (UK), the Jubilee Underground Line extension (London), the "wobbly" bridge (London), the Sydney Opera House. The first 3 were "vanilla" projects - there was no real excuse for failure.
(2) Specs don't correspond will reality because they frequently use hand-waving to achieve functionality. That's what high level design does. If it filled in all the detail, it would not be high-level design. High-level design nearly always misses detail that emerges in implementation, because the only way to discover that detail is (1) to do the implementation, or (2) have a (non-human) ability to see the consequences of every design decision.
(3) If a design methodology is complete enough so that it does not use hand-waving, then the level of design has the same level of complexity as the implementation. Having used UML for many years, I have seen it grow so that now UML editors have so many icons, shapes, dialogs, that quite frankly I'd rather go back to code. The spec (and the language used for the spec), if it has the same level of detail, only adds complexity by hiding it and organising it in an artificial manner.
The future of software, I believe, lies in good libraries. They encompass the experience of programmers in particular domains. I use the example of ASP.NET. Applications written in ASP.NET are more robust and faster to produce that those written in ASP, and the ASP application are more stable and faster to develop than early applications written in CGI (generally). The same holds true for applications developed using different generations of Java etc.
Specs are crap?
;-)
I guess that's why the Freenetproject never had good specs!
And it pretty much seems a worthwile pursuit, seen the current almost-specless development of the 0.7 version.
Ok, the start was there, but it doesn't seem to get any further, even after several months.
--- "To pee or not to pee, that is the question." ---
Okay, that may work fine for linux and commercial software, but what about more critical software fields?
Are you seriously saying that all top down specs are bad? I've worked in medical for a long time, and I really doubt that you, me, or the FDA would much appreciate a heart pump that was written from the "bottom to the top".
Specs are there for a very good reason (at least in critical cases). Also, they are absolutely critical in cases where a contract house is building a product for another company. They are the only way to in the end say, "See, here is what you asked us to build. It is perfect in every sense to your spec. Check please."
If I want a heart pump, the very first thing to do is decide what I want. That's a spec. Next comes the hazard analysis, that's a spec too. and on down, until all of the hazards are mitigated and you have a heart-pump that isn't going to do anything unexpected.
This may be an unpopular view in open-source development, but it's certainly a realistic one.
Each processor would proceed sequentially as if it had been better for them not to rise against Saul.
Most people seem to be assuming he is dismissing software design specs, which has nothing to do with his discussion.
His puported viewpoint is to be taken in the context of a hardware vendor spec on how to interface with hardware. There is a significant amount of truth in this. Hardware vendors will live by specs when they need to. I.e. they adhere to PCI specs, they adhere to drive-controller specs. They are careful about areas where they communicate on a bus or channel to arbitrary other vendor hardware.
However, the interface between the OS and the piece of equipment will almost always have poor specs. They are usually designed at the start of the design of things, and then while working the reality shifts from the spec. Unless going for some sort of standardization (i.e. IETF and such), the spec is rarely updated even in the face of significant change. At that point the reference implementation is the only thing anyone is maintaining and the only thing that particularly matters.
On the other hand, at least you know where they are coming from. Ultimately, an ideal world has a vendor releasing both specs and their reference implementation.
XML is like violence. If it doesn't solve the problem, use more.
We always write to specs. Usually implied. Whether it starts as just a few lines on a cocktail napkin or it's an explicit interface definition, it's just a starting point; but a project without any is guaranteed disaster. I know that requirements gathered by comittee rarely translate into live code and I personally find that the best way to gather requirements is to prototype heavily, but you have to start somewhere. Every right-thinking programmer detests documentation; unfortunately there is no substitute for the waterfall. People may think they've just written the most brilliant piece of code ever, but if it's not spec'ed and coded to that, thier grand creation becomes just another pile of steaming spaghetti code to the next poor slob that has to deal with it.
MfT
<!--
while(!am) r2();
Why should I be expected to be the one to find the holes, just because they can't be arsed testing it properly?
Usually you shouldn't, however you will. It doesn't matter if you're creating a web browser that can't display "broken-but-renders-on-IE" webpages, an IDE driver that may corrupt data on "UDMA-compatible-but-not-compliant" hard drives, or a server process that crashes on corrupt or malicious out-of-spec data: as long as your code is what's interfacing more directly with the user, your code will probably be blamed for the problems. In particular, if one of your competitors has found and worked around the holes, your code will definitely be blamed for the problems.
It's not fair, but it's life: from a user's point of view it's easier to get new software than to communicate with a different set of people or buy new hardware.
He's not complaining about specs as a way of getting things to behave the same. He's talking about using hardware specs to base your software on. If you try to talk to your PCI hardware by following the PCI spec, chances are that it won't work, because a huge portion of PCI hardware doesn't quite work right. Someone had been saying that, in order to write a good SCSI driver, you should follow the guidelines in the SCSI spec, and Linus was saying that, if you did that, your results wouldn't work with a lot of real hardware that people use, and you won't be able to deal with these quirks, because you won't have designed your system to handle them.
It's not about the development model at all. The situation is that Linux has to work with third party devices, where the spec is like a contract that the other party hasn't signed. You can do your part to be perfectly compatible, but when the computer's BIOS tells you impossible things, you can't go yell at them, because they don't really care, and the user still wants the computer to work.
I personally wouldn't go on an airplane where the people designing it just trusted that parts perform the way the contracts specify. The most common area in engineering failures is to assume that, just because you say that something has to be done a certain way, it'll actually get done that way. I want my airplane designed such that, if a couple of the engines aren't aren't doing what the manufacturer claimed they'd do, the plane doesn't just crash. You have to expect that a certain amount of the stuff will misbehave, and the safety of your system really depends on just how much of it can misbehave before something terrible happens.
In short, if you're producing SCSI adaptors, you should understand the SCSI spec completely. But if you're writing a SCSI driver, you should have a copy of the spec, but also a big database of how particular hardware violates it, and notes on what parts are unreliable in practice, because there are certain to be a lot of these.
But one of the most important things to do when creating one is make sure that each and every element of the specification is testable. That prevents you from wandering off into wild-eyed ivory tower land. I know, because I've been very successful at writing specications documents. On the most successful one, we had 4 bugs at the end of a three month development effort. We were on time and under budget. On the previous iteration of the system, it took three years, was over six months late, and had over 300 bugs that took three months to stomp. Granted, a good specification was not the only factor. I was working with an excellent development team and a manager who enforced good practices, such as complete code reviews for every piece of code before it was checked in.
BTW, It's not unusual for Linus to say some pretty bizarre things. Often they are taken out of context, but sometimes, like any other human, he's flat out wrong. [ waiting for the god of programming to strike me down... ]
Anyone who blindly accepts statements made by someone else should become a religious disciple, not a programmer. If you want to be a good coder, investigate and make up your own mind, don't let people tell you what to believe.
-All that is gold does not glitter - Tolkien
www.ra