Slashdot Mirror
The Ways Programming Is Hard
An anonymous reader writes "Those of us who spend our days sitting in front of a screen trying to make computers do our bidding know how difficult programming can be. But from an outside perspective, there's not much to indicate difficulty. Most of us have heard somebody compare our job to digging ditches, or some other manual labor, meant to contrast easy (sitting around and typing) versus hard (muscle-wearying work). Now, Peter Welch has written an amusing essay to help combat that point of view, titled Programming Sucks. He compares bridge building to a big software project. Here's a small part of it:
'You start by meeting Mary, project leader for a bridge in a major metropolitan area. Mary introduces you to Fred, after you get through the fifteen security checks installed by Dave because Dave had his sweater stolen off his desk once and Never Again. Fred only works with wood, so you ask why he's involved because this bridge is supposed to allow rush-hour traffic full of cars full of mortal humans to cross a 200-foot drop over rapids. Don't worry, says Mary, Fred's going to handle the walkways. What walkways? Well Fred made a good case for walkways and they're going to add to the bridge's appeal. Of course, they'll have to be built without railings, because there's a strict no railings rule enforced by Phil, who's not an engineer. ... Would you drive across this bridge? No. If it somehow got built, everybody involved would be executed. Yet some version of this dynamic wrote every single program you have ever used, banking software, websites, and a ubiquitously used program that was supposed to protect information on the internet but didn't.' Welch goes on to gripe about all the ways in which programming is almost awesome, but ends up being annoying."
'You start by meeting Mary, project leader for a bridge in a major metropolitan area. Mary introduces you to Fred, after you get through the fifteen security checks installed by Dave because Dave had his sweater stolen off his desk once and Never Again. Fred only works with wood, so you ask why he's involved because this bridge is supposed to allow rush-hour traffic full of cars full of mortal humans to cross a 200-foot drop over rapids. Don't worry, says Mary, Fred's going to handle the walkways. What walkways? Well Fred made a good case for walkways and they're going to add to the bridge's appeal. Of course, they'll have to be built without railings, because there's a strict no railings rule enforced by Phil, who's not an engineer. ... Would you drive across this bridge? No. If it somehow got built, everybody involved would be executed. Yet some version of this dynamic wrote every single program you have ever used, banking software, websites, and a ubiquitously used program that was supposed to protect information on the internet but didn't.' Welch goes on to gripe about all the ways in which programming is almost awesome, but ends up being annoying."
he's right it does suck
Only complete idiots/tools think this way about any profession. Brick laying looks easy, but I wouldn't trust someone who's never picked up a trowel in their life before to put up a brick wall. Anyone 'outside the profession' should only be concerned that the code works, is maintainable, and is to spec, along with passing a security audit.
Wimp working for an excessively-large company with rules that might allow "casual Fridays" with strict dress codes. He's whining about corporate culture, not programming. The "Neo" problem that first gave you the hint that he wasn't an actual hacker, just some script kiddy in a minimum-wage cubicle farm.
problem of "other peoples' code" is an actual problem?
Because if so, I think you may be the script kiddy in a minimum-wage cubicle farm.
STOP . AMERICA . NOW
It's a good article, and all too true. Software is a house of cards at best, with your boss shaking the table, the hackers throwing ping-pong balls at the house, and the NSA coming down the hallway with a baseball bat.
I do not fail; I succeed at finding out what does not work.
Compare this to digging a ditch, which is hard labor, but provides almost instant gratification (you can always look at how much of the ditch you've already dug), and you're not likely to fail completely (unless you're trying to dig in solid rock).
Every programmer starts out writing some perfect little snowflake like this. Then they're told on Friday they need to have six hundred snowflakes written by Tuesday, so they cheat a bit here and there and maybe copy a few snowflakes and try to stick them together or they have to ask a coworker to work on one who melts it and then all the programmers' snowflakes get dumped together in some inscrutable shape and somebody leans a Picasso on it because nobody wants to see the cat urine soaking into all your broken snowflakes melting in the light of day.
If you start cutting corners, you're going to end up with a mess. If you're a good programmer, you know how to write solid code even under time constraints. If you're having trouble with it, then you should probably look into the YAGNI principle, or get better at estimating how long your tasks will take. Because those are the two things that seem to afflict programmers who are chronically behind schedule.
Don't write bad code though, because you'll need to maintain it.
"First they came for the slanderers and i said nothing."
The author has a great sense of humor, and ripostes some of programmings possible pitfalls into clever and hilarious absurdities. However, I strongly refute that this article is a remotely accurate portrayal of programming, and I hope it is not taken as such by prospective coders on the fence. In my view, programming is possibly one of the few havens of relative sanity available (although with wood-working and pure mathematics probably have it beat). The true insanity is HUMANS TRYING TO COLLABORATE WITH OTHER HUMANS. If in doubt, please re-read the article with that in mind, and I think you'll find all the admittedly hilarious conceptions boil down to that issue, and that issue is pervasive in nearly any job you could name. Programming is an oasis from insanity, not ground zero.
What I struggle with is translating badly worded/badly thought through/incomplete business requirements into program logic. All too often something which seems straight forward to a business person is a can of worms when it comes to implementing it.
I want a list of atrocities done in your name - Recoil
Because the code I wrote is not what is being executed, and if it was, we would not have the level of performance we have today. Moreover, the level of complexity of today's computer. Moreover, tolerance are such in the physical world that a construction guy can afford to "cut corners", whereas software is a lot less tolerant to a bad input, remember, it's a dumb automaton.
This is a real problem. Open source projects have a very varying degree of Quality Assurance.
Because proprietary software is better ?
Writing a piece on how programming sucks, in a typeface that hurts my eyes to read.
Portable toilet cleaner ...
Sewers cleaner
Animal masturbator
Janitor at a porno theater
Programming is bonanza
It is....sometimes. The biggest problem with Open Source QA is also one that affects a lot of research, everyone wants to code, nobody wants to be a reviewer/bug fixer.
Look at the HeartBleed bug, there was only one source review before release. There could have been more, but open source suffers from the peer-review paradox: the people with the ability and resources to do thorough reviews are the ones least likely to want to do reviews. Quite simply, there isn't any "glory" in it, and it isn't nearly as much fun as creating new code yourself. Now in big commercial operations, especially web sites, there are large QA departments where everyone has a financial motivation to scrutinize code and find weak spots. Really if companies like Google et. al want to help open source, they shouldn't just contribute code, they should donate their QA team's time and talents to doing really thorough reviews on critical open-source code before it's merged into the main branch.
Monstar L
(Wait, did I just hear you denying that the general) problem of "other peoples' code" is an actual problem?
Because if so, I think you may be the script kiddy in a minimum-wage cubicle farm.
Bonus points for realizing that your own code from three months ago is also "other peoples' code".
The best part is when you find out that the "other guy" who put in the stupid code is you from months or years ago. You start to get incensed and rant about what idiot would write such awful code, check the commit logs, then facepalm as you realize it was you.
I occasionally wonder if that kind of thing would happen less frequently if our profession wasn't so quick to fire the guys whose gems turned black.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
When people work in a group as a team this inevitably happens and that's all right. Building a perfect software that satisfies everyone is a hard NP problem. What's the point of being perfectionist if that 10% you wish to polish it going to consume 90% of your time and money.
If you're not satisfied with the level of quality in open source software, you're free, actually encouraged, to improve it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This is a real problem. Open source projects have a very varying degree of Quality Assurance.
Look at the name - Quality Assurance. QA can only tell you it's bad, it doesn't make anything better. And what they can look at is usually only the external, visible part, which may seem to be working nicely but built from spit and wire on the inside, ready to fall apart at the next version update of the printer driver. That doesn't mean QA is useless, it's just a final double-check to see that you've built the right thing. :P.
No, writing good quality software is a team effort of everyone involved. As a developer in the middle, you should be able to smile at the great design documents given to you by the system analysts, telling you what's needed and how, while having enough freedom to do it in the best way given the tools and frameworks you work with. And you should be able to high-five the QA people when they fail to find anything wrong when you deliver it, because you know that if they give their OK you can sleep on both ears and the users will be able to do what they need to do. And that's a good month's work if you managed to get there on the third try
Where's the paradox, it's the same in science. Everyone wants to make the new discovery, nobody wants to review and verify them.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Fred only works with wood?
Perhaps he should consult a physician.
Well, the paradox is that open source and science both depend on peer-reviews, but the only people capable of doing them don't want to do them.
Monstar L
The comparison that has been coming to my head, regardless of whether I was self- or otherwise- employed is: coders are the plumbers of the Internet age. Furthermore, we are the electricians, the elevator drivers, the janitors, the security guards, the dealers, the cops, the architects. All generalized comparisons apply, because the Net is a representation of the world. Slightly skewed, a representation nonetheless.
I am proud of the being an Internet plumber and cheers to others who spend their days trying make it work smoothly.
From what I've heard, actual construction engineering is typically not that far removed from the description in the article.
Sure, the designs in construction engineering are way better proven and tested than the designs in software engineering, but the building process is in many ways still a trial and error affair where things can and usually will go wrong. Then the post mortems sometimes come with literal post mortems attached to them. How well do you think those engineers sleep at night?
One nice thing about computers is that they usually have nowhere near enough mass to crush a person to death.
a} Clueless psychopathic suits in management, who make impossible schedule demands, and have no programming background themselves.
b} The use of popular, but garbage programming languages. C++, PHP and Perl are probably the main three culprits here. Dishonourable mention also goes to XML, JavaScript, and the XHTML Document Object Model. I have never encountered a "Web application," yet, which wasn't a disorganised, bloated, CPU hogging abomination.
For the last two months I've been economically forced to use a dual core 1.5 ghz laptop with 2 gb of RAM, and it can only barely keep up with the inefficient, JavaScript-infested obscenity that the Web has become. Virtually none of said JavaScript ever provides truly valuable functionality, either; most of it is just trackers of various kinds.
It's also purely due to Capitalism; all of it. Why have Red Hat had Lennart try and force systemd, GNOME, and the rest of their corporate crapware on Linux users? Their desire for a corporate monopoly, that's why.
What caused the UNIX wars? Corporations wanting to add their own non-standard extensions, to ensure their coveted Unique Selling Positions.
We must get rid of the suits.
Newsflash: We're living in the first world. If you want different problems, you have to move.
Not going to? Gee, wonder why. Could it be that you prefer having first world problems?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
That's true for both. When was the last time you saw a Nobel Prize winner repeat an experiment from someone else just to prove his colleague?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'm glad I'm not the only one who hates that patronising phrase. You're not dying of starvation or disease so you should be happy all the time.
If you aren't making a comparison you shouldn't draw a distinction. If closed-source software isn't better then the distinction in source-openness is irrelevant and misleading.
Thinking is hard, but there is a kind of thinking that is harder.
Rough order of thing (easiest to hardest).
1) lounging around doing nothing (easiest)
2) doing what you are told to do without physical exertion (menial white-collar work)
3) doing what you are told to do with physical exertion (menial blue-collar work)
4) independent thinking about things not involving organising other humans (programming, painting, composing music, solving systems of equations)
5) independent thinking about things involving organising other humans (managing programers)
6) independent thinking about things involving organising other humans who are in turn doing independent thinking involving organising other humans (hardest)
The article is very funny, and makes a lot of good points, but it's not really addressing the question. It gives reasons software projects are difficult. Not why programming as such is. The engineering part, if you will.
The reason programming is difficult is because it's discrete. Whereas most (all?) other engineering is continuous.
If you try to bend a steel rod, there's going to be a range of strain for which nothing will happen, another where it will flex and recover, another where it will flex permanently, and finally a point where it will fail. This is all contiguous, and you can reduce it to a few numbers that will accurately predict the behavior of identical rods. Depending on the expected load, and the desired behavior, you can then pick the right rod, that will behave the way you need it to, with a good and predictable safety margin, because you know when what will happen.
Software, on the other hand, is discrete. That linked list can behave correctly as you add elements, then remove them, all good, then fail when you remove the last one and it (should) become empty again. There's no hint of that unless you test the very specific condition. There is no failure progression. There is no concept of safety margin.
That's why software regularly blows up. That's why it's difficult to make it not blow up. It's always on the edge.
I'm glad he's not bitter about that shit!
</rant> tag was not correctly open... I got down reading the whole article, but that thing crashed me!
Where's the paradox, it's the same in science. Everyone wants to make the new discovery, nobody wants to review and verify them.
Verifying is easy. Checking and finding out that it doesn't work, not because you are too stupid to reproduce the experiment, but because it just doesn't work, that's the hard part. Plus you don't make friends doing that, obviously.
The difference between building a bridge and building software is that an engineering company will build a model of the bridge, the client will look at it (and possibly several other models), say "Yes, that's what they want. How long?" The engineering company will say "2 years" and the client will probably say "OK".
In software, you build a model showing the menus, dialogs and screens, present it to the client, who then says "That's right, but it needs just this one more thing." We can have it by next Thursday, right?
Because a model bridge is patently not the real thing, but model software is virtually identical to the only parts of the system that most people will ever see.
Interesting take, I'd not seen it put that way before.
I once heard a horror story of an embedded software project. They were forced to only use debug builds, as the release builds seemed to trigger a race condition in the start-up code. The 'held together with paper-clips' approach to software engineering...
We can at least lessen the fragility by using regular testing and defensive programming.
(I'm almost crazy enough to think we should actually use the tools intended to make software that damn well works, but we all know that's never going to happen.)
Verifying can be fun, I like breaking other people's stuff. However I find companies rarely want to pay for it to be done properly since that often costs more than the development in the first place.
Of course it can be hard to test properly if the company doesn't want to take the time to say exactly what the program is supposed to do in the first place.
And can I get the header in cornflower blue?
"If any question why we died, Tell them because our fathers lied."
Yes, and wherever that experience is lacking because the progress and rate of change are related by a differential equation, what type of engineer manufactures the expanding putty? The Roman engineer or the von Neumann engineer?
Young engineers heap success. Old engineers bleed failure.
That was a pretty good rant, but if you want a true description of the mind-melting Lovecraftian horror that is programming (from a Microsoft distributed systems engineer, no less), there is no better read than this article.
I don't care if it's 90,000 hectares. That lake was not my doing.
I just don't get this bridge thing... I know cars drive on them but how does that relate to anything!?
Or as so nicely put in The Codeless Code:
http://thecodelesscode.com/cas...
There are reasons for that:
1.) QA positions get no respect at any company I've ever worked for. Most of the time they are simply reduced to the role of "point and click monkeys", in quotes because I don't like the phrase and I've heard it from software engineers many times.
2.) Because of the lack of respect and complete misunderstanding of what good QA should be doing the pay differential between a QA position and a software engineer is massive and when companies make cuts QA is always seen as more expendable.
The reality is companies need to start treating the role of Quality Assurance Engineer with more respect and paying better money to attract good engineers to take the role. Reading other people's code, understanding what they are attempting to do, seeing the flaws and being able to fix them without creating more issues is a really tough job. In my opinion it is far more difficult than creating new projects and we should all start treating it as such.
Bad code keeps many, many, many people fully employed at good hourly rates. So be thankful for it.
This is part of why I got out of programming. I saw this coming a long, long time ago. I loved programming all alone. Creating clean, neat, tidy code with excellent, efficient data usage and easy to work with user interfaces that followed good standards and human interface dynamics.
But that has all changed. Coding has become like working with zoning regulators and legislators who know nothing about the rules or environments they deal with.
Now I just code for myself. I still get the enjoyment of it and don't have the hassle or stress.
One happy programmer.
Actually, it is more like solving a huge jigsaw puzzle, but without an actual picture of how it is supposed to look when it is completed, and with a picture that changes while trying to put it together.
Look at the HeartBleed bug, there was only one source review before release. There could have been more, but open source suffers from the peer-review paradox: the people with the ability and resources to do thorough reviews are the ones least likely to want to do reviews. Quite simply, there isn't any "glory" in it, and it isn't nearly as much fun as creating new code yourself.
It's not that much different for proprietary software. Some companies do take QA very seriously, and thoroughly test stuff before shipping it to customers. Aerospace companies, for instance, test their code extensively, since lives are at stake. Other companies don't.
Even hardware (silicon) isn't always that great. Intel only instituted the extensive verification departments it has now because of the infamous FDIV bug in the Pentium. Lots of CPUs and other ASICs have enormously long errata sheets, requiring software workarounds.
That's what code review is: it gets people to look at the code and do a visual inspection for style (to make sure violating coding conventions isn't going to introduce a serious bug; this is a big factor in embedded programming where, for instance, you can't use C++ exceptions or de-allocate memory), and also for bugs which are obvious upon inspection by others. It's not a substitute for formal verification or black-box testing.
Open-source software mostly works by using the users as bug-testers and encouraging them to file bug reports (or better yet, patches if they can). In effect, the users are the QA department. Since QA costs a lot of money (or at least effort), this is not a bad trade-off; you get the software for free, but there may be bugs. However, with so many users out there, some portion will be interested enough to file bug reports, and over time the bug quality will become very low. It also helps a lot if the software doesn't change frequently or gratuitously. Proprietary software is infamous for continuously adding more questionable features, or "bloat", in an effort to stay relevant and get people to pay money for an "upgrade". Look at Adobe's software for a great example. Their PDF reader is bloated beyond belief, and they keep tacking extra crap onto the standard. You don't see so much of this in open-source software, except maybe for a few particular projects (GNOME, I'm looking at you).
Also, it's not that big a deal if you find an odd bug in some open-source PDF reader or other application. A bug in a safety-critical piece of software is another matter.
QA people don't really need to be able to read code and fix bugs directly. That's not even an efficient use of resources. A proper formal verification team's job is to understand the system they're testing, create a test plan, and develop tools to test that the system works as it should (the more automation, the better, as you can use automation to increase the amount of testing and catch more corner cases). Their only role in understanding the inner workings of the system is to be able to help isolate the root cause of the problem, so that the actual developers/engineers who are responsible for the bug can be alerted to it ASAP instead of involving a bunch of unrelated people and having a lot of finger-pointing.
Source: I used to work in a formal verification department for multicore processors.
There's no shortage of shitty proprietary software filled with bugs, missing features, lacking documentation, containing unoptimized code, and having security vulnerabilities. With OSS, the shortcomings are simply more obvious and apparent to anyone who cares to look for them.
Yes, some proprietary software does real QA. Not all of it does, and a lot of it is half-assed.
Software that works very differently in debug builds is common. The 1993 edition of Steve McConnell's "Code Complete" was the first thing I remember reading that talked about reducing debug vs. release variance. IIRC, Microsoft was chewing this problem heavily then because the betas of Windows and their development tools going to developers included debug instrumentation, while the released versions did not.
SPARK falls squarely into silver bullet territory. Taking on that idea goes back to at least Fred Brooks's 1986 No Silver Bullet paper.
You're confused about the real cause and effect here. The biggest problem with open source QA is that no one wants to fund it. It's straightforward (albeit not easy) to solicit sponsors for building new features. The users of the software who financially benefit from it rarely feel like it's their responsibility to pay for QA across the whole project. And that's how QA normally works; ugly, time consuming bugs to chase down often start with a problem you can't even connect to the responsible code at first.
Developers don't just work on features over bug fixes just for status or personal satisfaction. You're projecting a sort of selfishness on them by saying that, which is a pretty silly attitude to have toward the sort of people who work on open source.
Getting paid to develop new features give you a clear finish line to get some money to support yourself at the end of the day. That's why open development ends up organized in that direction so often. The main thing that's different about commercial development priorities is that paying a person to do QA is recognized as necessary. When I raise money for open source development, I constantly struggle over how to put QA into the budget in a form that it's recognized as necessary.
This is absolutely at the core of the Heartbleed story. The OpenSSL Foundation has dumped large amounts of money toward checkblock compliant features like FIPS compliance. The same amount of money would have funded a lot of source code review, but people don't pay for that. If developers want to eat, they have to prioritize chewing on features.
If Google et. all want to help open source, they should provide a lot more funding. We don't need their QA departments, we need the cash they're making off our backs.
SPARK falls squarely into silver bullet territory.
Well, in terms of correctness, formal methods really are a silver-bullet.... assuming an infinite budget and an unchanging, well-understood spec ;-P
http://gamearchitect.net/Artic... By Kyle Wilson ... But the nature of software is that the problems are always different. You never have to solve the exact problem that someone's solved before, because if software already existed that solved your need, you wouldn't have to write it. Writing software is expensive. Copying software is cheap. Scott Rosenberg coins this as Rosenberg's Law: Software is easy to make, except when you want it to do something new. The corollary is, The only software that's worth making is software that does something new."
""Software is hard," reads the quote from Donald Knuth that opens Scott Rosenberg's Dreaming in Code. The 400 pages that follow examine why: Why is software in a never-ending state of crisis? Why do most projects end up horribly over-budget or cancelled or both? Why can't we ship code without bugs? Why, everyone asks, can't we build software the same way we build bridges?
See also the book http://www.dreamingincode.com/ by Scott Rosenberg:
"Dreaming in Code: Two Dozen Programmers, Three Years, 4,732 Bugs, and One Quest for Transcendent Software sets out to understand why, through the story of one software project -- Mitch Kapor's Chandler, an ambitious, open-source effort to rethink the world of e-mail and scheduling. I spent three years following the work of the Chandler developers as they scaled programming peaks and slogged through software swamps. In Dreaming in Code I tell their stories."
I doubt it mentions how I wrote to the Chandler Project early on about using ideas like triples from my Pointrel project but did not get much of a reply... :-) Still my own project has been ongoing for decades. It's surprisingly difficult just to store and synchronize versions of data in useful ways when faced with uncertainties about future needs.
My latest attempt of many, many:
https://github.com/pdfernhout/...
"This stores snippets of HTML entered in a text area in a local IndexedDB database in your browser. These snippets can be displayed in a list below the edit box. TiddlyWiki was a bit of an inspiration for that list display. This is intended to support "bootstrapping" more a more complex system, such as Doug Engelbart worked toward to support a co-evolution of tools, knowledge, community, and processes."
Git is remarkable in that way in fitting into current practices of using hierarchical files changed by desktop tools. Still, it misses a lot as far as references to data items that can be exchanged globally (needing longer hashes), or dealing with large binary files (constantly rechecking stuff, but with workarounds), or dealing with rapid collaboration by several people such as to create shared drawings. But it is still awesome as far as it goes.
"Dat" is another up-and-coming approach I wish well, started by Max Ogden:
http://www.knightfoundation.or...
http://dat-data.com/
"Dat seeks to increase the traction of the open data movement by developing better tools for collaboration."
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
The main story is an interesting opinion piece.
But further down he represents facts that i dont believe. Citation needed.
Tell me more about the "two lines of code that parse two lines of embedded comments in the code to read the Mayan numbers representing the individual ASCII characters that make up the magazine title, rendered in 90-degree rotated ASCII art." program. I cant find it on the internet.
Hivemind harvest in progress..
To that i say "To facilitate comprehensible opportunities, you have to limit options.".
This goes for game level design, the Apple ecosystem, jigsaw puzzles for toddlers, and the kind of focus that i only see in broke entrepreneurs that reboot their career.
Hivemind harvest in progress..
I was having a conversation earlier today about this with a friend. Clearly this guy finds programming overwhelming, is likely to write hacky code, deals with pressure the wrong way, and concludes that everything is just broken. Maybe he's just too immature and it'll get better later, maybe he would just be happier in another field. A good engineer should not deal with the code quality vs time tradeoff by writing crappy code all the time. If he can't write maintainable code in the given timeframe, then either he is too slow or not standing up for the quality of the codebase. Either way, bad outcome. It seems to me that behind the hyperbole, he really has this view that is more appropriate to hacking away in the college computer lab than to real engineering. I don't particularly want to hire someone who dreams in code or works 80-hour weeks and cuts corners until his code is a mess. I would rather hire someone who gets the big picture of engineering. I think if he worked in a real coding shop (one where there are code reviews, and issues of style differences never even enter into the picture because you follow the group's coding style) he would get a better picture. But I guess when 9 out of 10 startups do embody the culture he describes... Thing is, 9 out of 10 startups also fail. When he described the failed bridge project- that kind of attitude doesn't cut it for long in software engineering either. But since he believes that's inevitable, it makes me think that's how he'd act.