
05/15/2004 Archived Entry: "software design"

We are now back from travels. I have a lot of catching up to do on the IT News -- most of the "Sasser" outbreak happened while I was on the road -- but I should now be blogging more regularly.

A digression into programming philosophy today...so feel free to skip it if this subject bores you. A friend has referred me to two Devil's Advocate articles,
"Why computer security's so primitive" and "Design software before you build it", and wonders how these relate to Linux.

First let me say that I agree with almost all that Martin Brampton (the "Devil's Advocate") has to say. There is a tendency to take short cuts in IT (what he calls the "Superglue" approach). And there are still weaknesses in our "model" (if that isn't too strong a word) for computer security. But in my Austrian/libertarian view, I see both of these as the result of market forces -- as Brampton himself observes -- and I think only market forces will change things.

On to the specific question of Linux: I'm not sure how to comment on quality of design, where Linux is concerned. One problem with drawing conclusions about open-source projects is their extreme variability. Some of the larger projects (e.g. the Linux kernel, Apache, MySQL) are thought out carefully before implementation, with code reviews by many participants, and much testing. Others are more "ad hoc," and some can even be the work of one person who's more inclined to bang out some code than to do software design.

(That said, I'm not convinced that rigid adherence to a formal design is beneficial in all cases. I've long been a proponent of incremental design. But that's another subject.)

I think Linux is based on a fundamentally sounder design than Windows. The original Unix model was well thought out, with a careful limitation of the powers of ordinary users, although some features have been used carelessly (e.g. the "set-uid" feature, which let some programs accidentally grant root privileges to ordinary users). Contrast that with Windows, which in my opinion is still a hack upon a hack upon a hack upon a primitive single-user operating system (DOS).
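The set-uid pitfall mentioned above, as an added example that is not from the original post: a set-uid-root program should hold root only for the step that needs it, then drop back to the invoking user in the correct order and verify the drop before doing anything else. The function name is my own; run without root the drop is simply a no-op that still passes the checks.

```c
// Added example (not from the original post): careful use of set-uid.
// Order matters: supplementary groups, then group, then user, because
// once the process is no longer root it can no longer change its groups.
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to target_uid/target_gid.  Returns 0 on success,
 * -1 if any step failed or the drop could not be verified.
 * Uses setregid/setreuid: from root, setting the real id also resets
 * the saved id, so the drop cannot be undone later. */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    /* Only root can change supplementary groups; this is the step most
     * often forgotten and leaves the process in privileged groups. */
    if (geteuid() == 0 && setgroups(1, &target_gid) != 0)
        return -1;
    if (setregid(target_gid, target_gid) != 0)
        return -1;
    if (setreuid(target_uid, target_uid) != 0)
        return -1;

    /* Never trust the calls alone: check the ids actually changed. */
    if (getuid() != target_uid || geteuid() != target_uid)
        return -1;
    if (getgid() != target_gid || getegid() != target_gid)
        return -1;
    /* And the drop must be irreversible: regaining root has to fail.
     * If this setuid(0) succeeds, the saved uid was still 0. */
    if (target_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Typical set-uid program: do the privileged part first, then drop
     * to the user who ran us before touching anything they control. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid %u, euid %u\n",
           (unsigned)getuid(), (unsigned)geteuid());
    return 0;
}
```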

(I had a chance to see a Windows XP system while travelling, so I'm aware that Microsoft is finally getting the idea of delimited "user spaces". And I gather that "Longhorn" is supposed to be a complete rewrite from the ground up, but I retain a bit of skepticism here.)

I think much of Linux also gets better code review than Windows. Unfortunately the market incentives for Microsoft -- they make money on upgrades, and they have no product liability -- encourage them to rush poorly-tested software out the door. Also, the MS marketing strategy towards monolithic software (e.g. browser as part of the operating system) makes the code exponentially more difficult to test and debug as it grows. (This will only get worse with Longhorn.) The Unix/Linux approach of highly modular software is much easier to test, and problems are more localized.

All software is going to have bugs. (Heck, even automobiles are shipped with bugs, and that's a much more mature industry.) The questions to ask are, a) how many, b) how serious, and c) how quickly are they fixed? By all three measures I think Linux and BSD Unix are far superior to Windows.

Speaking both of design and of security updates, I agree with Brampton that "quality is not something that can be retro-fitted." But I've been hearing this argument for 25 years now, and the habits of programmers (and software vendors) don't seem to have changed. I have hopes that the collaborative and distributed model of open-source development will improve matters, but I don't have enough first-hand experience with that model to say.

brad
