Original TechReview Article ...

http://www.technologyreview.com/articles/print_version/mann0702.asp

Why Software Is So Bad

Technology Review, July/August 2002

By Charles C. Mann

ccm: For years we've tolerated buggy, bloated, badly organized computer programs. But soon, we'll innovate, litigate and regulate them into reliability.

dl: Yeah, right.  Just after the violence ends, human rights become universal, world peace happens, and repressive governments around the world see the error of their ways.

ccm: Some software companies are responding to these criticisms by revamping their procedures; Microsoft, stung by charges that its products are buggy, is publicly leading the way.

dl: Sorry.  Microsoft is publicly following, being dragged kicking and screaming forward into the 1980's by a disgusted customer base.

ccm: Nor is Microsoft software especially flawed; critics often employ the company’s products as examples more because they are familiar than because they are unusually bad.

dl: Yes, actually, Microsoft's software is unusually bad.  Not just their software, but their platform provides an environment of poor quality, a culture that almost demands badness of all of the software that runs on it.  Peer pressure ...

Not that Apple and Sun are a whole lot better -- both of them are also still stuck with a C mindset.  But at least they've both had a bit more security sense than MS has had.

ccm: Programmers write code in languages such as Java, C and C++, which can be read by human beings. Specialized programs known as “compilers” transform this code into the strings of ones and zeroes used by computers. Importantly, compilers refuse to compile code with obvious problems—they spit out error messages instead. Until the 1970s, compilers sat on large mainframes that were often booked days or weeks in advance. Not wanting errors to cause delay, coders—who in the early days tended to be trained as mathematicians or physicists—stayed late in their offices exhaustively checking their work. Writing software was much like writing scientific papers. Rigor, documentation and peer-review vetting were the custom.

dl: The continuing popularity of C-based languages is one of the bigger reasons for many of the security and reliability problems in today's software industry.  Since the 1980's we have had languages that encourage reliability (ML, Ada, et al.) much better than any C-based imperative language, yet the industry largely ignores them.  (I'm not saying that using such languages would be a panacea, just that they could contribute towards improving the situation.)

ccm: Just as houses are built with standardized two-by-fours and electrical fittings, component-based programs are built out of modular, interchangeable elements: an example is the nearly identical menu bar atop every Windows or Macintosh program.  [...]  Microsoft, he says, was an early, aggressive promoter of this approach—“it’s the single best engineering decision they ever made.”

dl: Modular, yes.  Interconnectable, yes.  Interchangeable, no.  We use different modules to get different effects or different performance or, yes, security characteristics.

ccm: Worse, for marketing reasons companies wire as many features as possible into new software, counteracting the benefits of modular construction. The most widespread example is Windows itself, which Bill Gates testified in an April session of the Microsoft antitrust trial simply would not function if customers removed individual components such as browsers, file managers or e-mail programs.

dl: Yeah, right.  And you believed that self-serving liar?

ccm: “That’s an incredible claim,” says Neumann. “It means there’s no structure or architecture or rhyme or reason in the way they’ve built those systems, other than to make them as bundled as possible, so that if you remove any part it will all fail.”

dl: Yep, it is literally incredible -- i.e., not true.  Even MS are not that stupid.  It was a lie.  Gates perjured himself.

ccm: “That’s the way software is designed and built everywhere—it’s that way in spaceships, for God’s sake.”

dl: Not true,  not everywhere.  Some spaceships, yes.  Of course, in an article that apparently considers MS-Windows to be the software industry, "everywhere" probably has a special, restricted meaning.

ccm: If a bridge survives a 500-kilogram weight and a 50,000-kilogram weight, Pfleeger notes, engineers can assume that it will bear all the values between. With software, she says, “I can’t make that assumption—I can’t interpolate.”

dl: Software is chaotic.  That is, very small changes in the input can yield radically different results.  Testing is crucial and largely ignored by developers.  eXtreme Programming gets that one right.

ccm: “The classic dilemma in software is that people continually want more and more and more stuff,” says Nathan Myhrvold, former chief technology officer of Microsoft. Unfortunately, he notes, the constant demand for novelty means that software is always “in the bleeding-edge phase,” when products are inherently less reliable. In 1983, he says, Microsoft Word had only 27,000 lines of code. “Trouble is, it didn’t do very much”—which customers today wouldn’t accept. If Microsoft had not kept pumping up Word with new features, the product would no longer exist.

dl: Au contraire, Word-5.1a was better than any version since.  It was only the fact that other losers were "up"grading to that bloated, ill-designed crufty piece of shodware that forced us to "up"grade.

ccm: “Users are tremendously non-self-aware,” Myhrvold adds.

dl: People who use Microsoft software are certainly clueless.

ccm: In January, Bill Gates issued a call to Microsoft employees to make “reliable and secure” computing their “highest priority.”

dl: Finally.  In 2002.  After nearly 20 years...

ccm: Gates’s initiative was apparently inspired by the blast of criticism that engulfed Microsoft in July 2001 when a buffer overflow—a long-familiar type of error—

dl: In code written in the abysmally unsafe C language that too many hack programmers still use.

ccm: Battered by such experiences, software developers are becoming more attentive to quality. Even as Gates was rallying his troops, think tanks like the Kestrel Institute, of Palo Alto, CA, were developing “correct-by-construction” programming tool kits that almost force coders to write reliable programs (see “First Aid for Faulty Code” ). At Microsoft itself, according to Amitabh Srivastava, head of the firm’s Programmer Productivity Research Center, coders are working with new, “higher-level” languages like C# that don’t permit certain errors.

dl: Like Ada, ML, Haskell, OCaml, Python:  languages that have been around -- and ignored -- for as much as 20 years.

ccm: Involving colleagues like business managers, administrators, customer support agents and user interface experts in software design meetings “is obvious when you think of it, but hardly used at all,” McConnell says.

dl: Likewise peer code reviews, pair programming.  Practices recommended in McConnell's excellent books Code Complete and Rapid Development; and in xP and in the Pragmatic Programmers' books.  (By "xP" here and below, I mean not just Extreme Programming but the several related agile development styles.  See http://www.martinfowler.com for some related writings.)

ccm: Tracking revisions. According to Amitabh Srivastava of Microsoft, improvements will also come from new tools that meticulously tally changes in software code, allowing testers to focus on heavily rewritten sections that may contain more errors.

dl: xP encourages programmers to create tests for everything.  So "testers" is a misleading term here:  it should include both the programmers, who create and run unit tests, and QA people, who do the same in addition to managing the creation, integration, and execution of more systematic overall testing.

ccm: When PC Magazine tried in 1999 to run a head-to-head comparison of Oracle and Microsoft databases, Oracle used the license terms to block it.  To purchase Network Associates’ popular McAfee VirusScan software, customers must promise not to publish reviews without prior consent from Network Associates

dl: This kind of shit should be illegal.  At least, the market should loudly decry such garbage and should boycott the perpetrators.

ccm: Even a few members of the software-is-different school believe that some programming practices must be reformed. [...] French Ariane 5 rocket catastrophically failed [...]  due to [...] a buffer overflow.

dl: I.e., it failed in part because they were writing in C.

ccm: One way or another, some computer scientists predict, software culture will change.

dl: When enough people realize that it's actually cheaper and can be faster to market to do xP style engineering.

ccm: “I Love You” virus, for instance, spread largely because Microsoft—against the vehement warnings of security experts—designed Outlook to run programs in e-mail attachments easily. According to Computer Economics, a consulting group in Carlsbad, CA, the total cost of this decision was $8.75 billion. “It’s amazing that there wasn’t a blizzard of lawsuits,” Wallach says.

dl: It's astounding that MS didn't have to pay that $8.75 billion.

ccm: Software firms have been able to avoid product liability litigation partly because software licenses force customers into arbitration, often on unfavorable terms, and partly because such lawsuits would be highly technical, which means that plaintiffs would need to hire costly experts to build their cases.

dl: And it means that juries would be clueless and unable to make informed decisions about the cases.  I mean, if a Tech Review writer can be this ignorant, imagine the 12 people dragged off of the street, unable even to figure out how to get out of jury duty.

ccm: [...] groundless litigation can extort undeserved settlements. But as Wallach says, “it just might be a bad idea whose time has come.”

dl: It's also possible that market forces could shift away from MS.  Linux users avoid MS partly because of Microsoft's abysmal security record.

ccm: [...] once companies have a gun to their head, they’ll figure out a way to improve their code.”

dl: Psst, Hey!  Are you interested in buying a bridge?

Though Mann apparently doesn't realize it, buffer overflow isn't the only problem with C.  It's just the one most easily described in an oversimplified good-guys-versus-crackers scenario.  Building modern software with C is like building a full-sized house out of Legos.  You have to work at a very low level, and your attempts at putting little pieces together into larger, structural beams and struts tend to disintegrate once they get too large.
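The buffer overflow that the article and the commentary keep returning to, as an added C example that is neither Mann's nor dl's: the unchecked copy that a C compiler accepts without a word of complaint, beside a length-checked form that rejects oversized input instead of writing past the buffer. NAME_MAX and the function names are assumptions for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed buffer size for the example */

/* The "long-familiar type of error": a fixed-size stack buffer filled
 * by a copy that never consults the buffer's capacity. The compiler
 * accepts this silently; a name longer than NAME_MAX-1 bytes overwrites
 * whatever follows buf on the stack. For contrast only; never called. */
void greet_unchecked(const char *name)
{
    char buf[NAME_MAX];
    strcpy(buf, name);             /* no length check */
    printf("hello, %s\n", buf);
}

/* Hardened form: the copy knows the capacity and refuses input that
 * does not fit, rather than truncating or overflowing. Returns 0 on
 * success, -1 if src needs more than cap bytes. The scan stops at cap,
 * so a src that is itself unterminated is not read past cap either. */
int copy_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = 0;
    while (n < cap && src[n] != '\0')
        n++;
    if (n == cap)                  /* no room for the terminating NUL */
        return -1;
    memcpy(dst, src, n + 1);       /* n + 1 <= cap: stays in bounds */
    return 0;
}

/* Same greeting; oversized input is rejected instead of corrupting
 * the stack. Returns 0 if greeted, -1 if rejected. */
int greet_checked(const char *name)
{
    char buf[NAME_MAX];
    if (copy_bounded(buf, sizeof buf, name) != 0)
        return -1;
    printf("hello, %s\n", buf);
    return 0;
}

int main(void)
{
    greet_checked("alice");        /* constructed input that fits */
    if (greet_checked("this name is far too long for the buffer") != 0)
        puts("rejected: longer than NAME_MAX-1 bytes");
    return 0;
}
```

The point the article's compiler paragraph misses is visible here: both functions compile cleanly, and only the second one turns an oversized input into an error the program can act on.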