The state of software quality
Lately, I have found myself getting frustrated over the level of quality in many of the systems that I have to interact with. Oh, back in the good old days, when the stack was smaller and frameworks were simple, the software was equally simpler and more stable.
But that’s exactly the argument a stuck old fart would make while complaining about the weather.
Nineties and noughties
First let’s reflect a bit on how it really used to be, before judging how bad it really is now.
ILOVEYOU - Security last
Back in May 2000, lots of love was in the wires. Depending on a combination of your mail client or your own intellect, you were about to get owned. The famous virus spread like wildfire due to being able to run with user privileges (99% of users were also local administrators), often without the user even clicking the attachment!
Blue screen of death / freezes / kernel panic - Overly ambitious backwards compatibility in a young industry
Windows 95 - ME was an especially difficult time, where you would furiously save whatever you were doing to disk to avoid the inevitable crash. Linux and BSD were not scot-free either - I remember being excessively “punished” by being forced to fix small mistakes in the rescue terminal.
Cooperative multitasking in OSes - Naïve world view
Wouldn’t it be great if we could just all share and live in harmony? Here we are back in the 16-bit era, and basically, the processes on the operating system should give up the CPU whenever they finished using it. The problem being that the processes would also have to wait for each other to finish to get CPU time again. Developers then resorted to just hogging the CPU to make their software run smoothly at the cost of everybody else; the problem, again, was that when everybody did the same, it all turned into a mess. Imagine a birthday at the prison for the mentally insane, serving an organic locally sourced cake. It’s a big mess: everybody wants the knife to stab the others and the candles to burn down the building.
Dependency soup - Learning to build the software equivalent of the Tower of Babel
If you were tinkering even the slightest, it wouldn’t matter which OS you were using: you would spend a considerable amount of time sorting out dependencies by upgrading and downgrading them. It was almost like a puzzle that needed to be solved. I first got my feet wet with Linux on Mandrake 6, which was based on Red Hat and used the infamous Red Hat Package Manager (RPM). I literally remember drawing diagrams to sort out dependencies because RPM needed a lot of guidance.
This is a select and varied list of issues I myself remember as clear as day. The list could go on and on, and I challenge you to think back on your own experiences.
Let me start by saying: I can’t, for the life of me, remember the last time my workstation froze! The big issues have more or less all been weeded out. We are now left with, relative to the past, minor and silly issues.
As the demand for software has grown, so have the salaries and the number of jobs, and with that more people have entered the field. I know many who came this way and have since found their “calling” and are great developers today, but many also came without excitement, simply because a career within software was the most monetarily attractive and had the best benefits among what was available. I usually refer to this crowd as “bread and butter Java developers” - it’s not to talk Java down, it’s just the language you get a certificate in and bam, you are ready to join a big gray corporation. If you are reading this, chances are that you are NOT in this group!
I believe that this crowd causes the majority of the silly mistakes.
The initial version of the Dutch “CoronaCheck-app”: it was possible to trick the app into releasing the vaccination QR code right after the vaccination had taken place, instead of waiting the required 7 days, by simply changing the date on the phone itself!
One of the banks I’m a customer at closes their “web-bank” between midnight and 6 o’clock in the morning - I guess they are running some serious data batches on their mainframes or just digitizing all the faxes they have sent back and forth between departments.
Inconsistent base data, between parties, connected to the national population database - change is not propagated or everybody is caching and not reacting to propagations.
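The CoronaCheck date trick above comes down to letting the holder's device clock decide when the waiting period is over. The following is an added example, not code from the app or from this post: it contrasts that pattern with an issuer-authenticated `valid_from` that a verifier compares against its own clock. All names, the key and the dates are constructed, and the HMAC stands in for an issuer signature.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

WAIT = timedelta(days=7)                # waiting period stated in the post
ISSUER_KEY = b"constructed-demo-key"    # constructed; stands in for an issuer signing key


def client_side_release(vaccinated_at, device_now):
    """Weak pattern: the holder's phone decides, using its own clock."""
    return device_now >= vaccinated_at + WAIT


def issue_credential(vaccinated_at):
    """Issuer fixes valid_from at issuance and authenticates it."""
    body = json.dumps({"valid_from": (vaccinated_at + WAIT).isoformat()}).encode()
    tag = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


def verifier_accepts(body, tag, verifier_now):
    """Verifier checks the tag first, then compares valid_from to its own clock."""
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False
    valid_from = datetime.fromisoformat(json.loads(body)["valid_from"])
    return verifier_now >= valid_from


def demo():
    vaccinated = datetime(2021, 6, 1, 10, 0, tzinfo=timezone.utc)  # constructed date
    real_now = vaccinated + timedelta(hours=1)
    skewed_phone = vaccinated + timedelta(days=8)   # device clock set forward
    body, tag = issue_credential(vaccinated)
    edited = body.replace(b"2021-06-08", b"2021-06-01")  # valid_from changed after issuance
    return {
        "client_check_skewed_clock": client_side_release(vaccinated, skewed_phone),
        "verifier_day_0": verifier_accepts(body, tag, real_now),
        "verifier_day_8": verifier_accepts(body, tag, vaccinated + timedelta(days=8)),
        "verifier_tampered": verifier_accepts(edited, tag, real_now),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier's own clock still has to be trustworthy; the change only removes the holder's device from the decision.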
One thing that REALLY bothers me nowadays is responsiveness or rather the lack of it. Performance of the hardware has gone up exponentially but it seems that application responsiveness has been completely stagnating. On my 1-year-old top-of-the-line ThinkPad, it still takes 5.5 sec. just to launch Evernote! You are even worse off if you work with the Atlassian suite (Jira, Bitbucket, Confluence…) as you will spend a considerable amount of time, all in 1 - 5 sec. bites, over a day just waiting for the damn thing to load!
I believe the “responsiveness crisis” is due to:
“Vending architects” in combination with a huge stack
This one is a bit broad and vague, but in essence, it’s possible to become a certified “software architect” with minimal effort. As a matter of fact, I can see I can join a 4-day course just 20 km away; it will make me an architect before January is over! To become a real software architect you work your way towards it, through project successes and failures as well as exposure to multiple teams and organizations. It’s a level in your career that requires technical and human skills, lots of experience and hence time - it can only be sped up so much.
Unfortunately, these “vending architects” easily get mixed up with the real deal and that drives poor decisions.
I’m very much a UI person, but when UIs are made using 2 intertwined frameworks and 50 components all dynamically called, my forehead is already resting on the table.
This has become a popular trend, as it can be quick and easy to get something off the ground when you don’t have to worry yourself with something as mundane as the end-user experience. To exaggerate a tiny bit: this is like scooping up all the dog-poo in the park, stuffing it into a waffle cone and selling it as chocolate ice; if the customer doesn’t like it, you just say fuck-off and keep the money.
Basically, we have gotten rid of the very big and problematic issues. There are still many minor or silly ones, but there are without a doubt huge improvements across the board.
I want to mention a few interesting technologies I really see drive quality at the moment:
- Rust: C++-like performance but with memory safety - no more buffer overflow exploits. This will really improve application security!
- File certifications on the blockchain - When comparing a file’s checksum to the one stated on the website, what are you actually comparing? A harmful file to the checksum of the harmful file? Immutable certifications will change this and can perform the matches automatically.
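The checksum question in the last bullet can be made concrete. This added example (not from the post or from any particular product) compares a check against a checksum served next to the file with a check against a digest recorded in a hash-chained, append-only log whose head the user pinned earlier. The log class is a simplified stand-in for an immutable ledger, and all names and file contents are constructed.

```python
import hashlib
import hmac


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


class AppendOnlyLog:
    """Hash-chained record of release digests (simplified ledger stand-in)."""

    def __init__(self):
        self.entries = []       # (name, digest) pairs in append order
        self.head = "0" * 64    # chain head that clients pin out of band

    def append(self, name, digest):
        self.entries.append((name, digest))
        self.head = sha256_hex(f"{self.head}|{name}|{digest}".encode())
        return self.head

    def lookup(self, name, pinned_head):
        """Replay the chain; return a digest only if it reproduces the pinned head."""
        head, found = "0" * 64, None
        for entry_name, digest in self.entries:
            head = sha256_hex(f"{head}|{entry_name}|{digest}".encode())
            if entry_name == name:
                found = digest
        return found if hmac.compare_digest(head, pinned_head) else None


def same_site_check(site):
    """File and checksum both come from the same server."""
    return hmac.compare_digest(sha256_hex(site["file"]), site["checksum"])


def anchored_check(site, log, name, pinned_head):
    """File comes from the server; the expected digest comes from the pinned log."""
    expected = log.lookup(name, pinned_head)
    return expected is not None and hmac.compare_digest(sha256_hex(site["file"]), expected)


def demo():
    release = b"constructed installer v1"
    log = AppendOnlyLog()
    pinned = log.append("tool-1.0", sha256_hex(release))
    swapped = b"constructed replacement file"
    site = {"file": swapped, "checksum": sha256_hex(swapped)}  # file and checksum both replaced
    rewritten = AppendOnlyLog()
    rewritten.append("tool-1.0", sha256_hex(swapped))          # log history rewritten too
    return (same_site_check(site),
            anchored_check(site, log, "tool-1.0", pinned),
            anchored_check(site, rewritten, "tool-1.0", pinned),
            anchored_check({"file": release}, log, "tool-1.0", pinned))
```

The same-site check passes for the replaced file, while the anchored check rejects it and also rejects a log whose history no longer matches the pinned head.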