Originally Published: Wednesday, 10 May 2000 Author: Jay Thorne
Published to: featured_articles/Featured Articles Page: 1/1 - [Printable]

Software Development in the New Millennium: Preventing Gales of Derisive Laughter

Public scrutiny and the machinations of the old guard make this a dangerous time to be an open source software developer. Peer review is both our strength and our weakness. "Getting it Right" is more important now than ever.

   Page 1 of 1  

Recent events have put Red Hat and Microsoft under the microscope of public examination from the discussion of security holes in some of their offerings.

As public scrutiny of Microsoft and other software companies increases, it's clearly apparent to me that the "traditional companies" have no idea whatsoever how to publicly account for their actions. It's almost laughable how they come up with spin that sounds so hollow in light of their recent actions. It's funny how we can call a 20-year-old company in a 30-year-old industry a "traditional" business.

It must be hard days indeed for the Microsoft Public Relations department and the consultants they hire. Can you imagine the meetings going on: "The engineers did WHAT? Fire their sorry asses." "We did, two years ago." "What can we do to make this blow over?" "Pay some of our tame journalists to jump on something, anything that comes up for Linux or Sun." "Will that work?" "I don't know, but I'll be fired too if I don't have some plan."

In my humble opinion, we are watching the titanic convulsions of a great dying beast. Stunned and confused by attacks from hundreds of much smaller, infinitely more nimble aggressors, it lashes out. But enough of the dinosaur stories.

Microsoft and the other proprietary software companies have been heavily, and we all hope, mortally wounded by the geeks taking the heart of their business -- operating systems and general-purpose software for personal computers -- away from them. Probably the most confusing part of the situation for them is that their old strategies don't work any more. Spin doctoring is falling on deaf ears when the traditional media people are checking out the spin with geeks who know better. Price-fixing and other competitive moves also don't work well when the competition is already cheaper than you can ever be, and has a much larger collective development team. What's worse, they all share their code, so the gap is widening.

To the open source developers and the companies in this space I urge caution. Like a dying beast, Microsoft and similar companies can crush people and companies who do not step warily. A few more companies and people will be crushed as MS and the others attempt to grapple with their aggressor. Expect more spin and covert influence. Expect the major news organizations to have hordes of press releases to wade through. Fear, Uncertainty, and Doubt is only one tactic. Another effective one is "Purchase the competition and kill it." Embrace, extend and make incompatible is a third tactic. (Windows 2000 DNS services anyone?)

So how then do the open source and free software developers stay safe?

Stick to Your Engineering

The scrutiny of open source software means that the traditional commercial software design trade-offs of "elegance" against "get it done by next week" are hopelessly skewed. Design choices now have to be engineering-driven, not marketing-driven. Otherwise, the design can and will be ridiculed by geeks who know just as much as you do about the problem you are solving. Obscurity is now impossible -- there's just no rug to sweep things under. Don't rush out any products.

Spend an extra week in QA. You need to catch the non-obvious things. Get an installation test done by a complete newbie. When he/she says "It didn't install right," fix the software, not the user. Open source software is being used by companies who have no history and no long-haired UNIX geeks to fall back on for installation clues. Just because your developers can install it is no guarantee that a newbie can.

Be Paranoid. Very Paranoid

Double- and triple-check your work. Do random character tests against input boxes. Nothing is more embarrassing than crashes from overflowing your input fields. That's one example. Pretend you are stupid. Click the close box while the program is still reading its config file. Pop up the configuration and try to click on the parent window. Does that crash it?

Pretend you are incredibly (and I do mean much more stupid than the person you habitually deride) stupid. Turn on the option marked "Don't turn this on." Risk it all. Try to run it right after unpacking the tar. Turn on all the options marked "Dangerous." Run it. Because you know that someone will try that. And put in a bug report.

The smartest thing you can do is sit beside a fellow geek, with your hands tied and your mouth gagged and have them install and attempt to bring up your software. I mean it. Imagine sitting there and not being able to say anything, type anything or grab the mouse while someone misses what you assumed was intuitively obvious to the most casual observer.

My favorite example of software that knows how to install itself is the Configure in the standard Perl kit. It is just there to configure the install, but is in itself a work of fiendish brilliance. It even congratulates you if you are not running Eunice.

Pretend the Whole World Is Looking at You

Say you were releasing source code. And you don't want to be laughed at. And you have your own name in the source code. And you'd like to continue working in the industry.

It's like being an actor. Famous actors and actresses have paid obscene amounts of money to keep old pornos that they were in from being re-released. You don't want the mistakes of your past haunting your future.

Public scrutiny and the machinations of the old guard make this a dangerous time to be an open source software developer. Peer review is both our strength and our weakness. "Getting it Right" is more important now than ever. Use the community to do what it does best: help you make your software the best work you've ever done.

Jay Thorne, yohimbe@userfriendly.org

   Page 1 of 1