From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,cbb5b0d14f503195 X-Google-Attributes: gid103376,public X-Google-Language: ENGLISH,ASCII-7-bit Newsgroups: comp.lang.ada Subject: Re: Working with incompetent adaists / unsafe typing war story References: From: Brian May Date: Fri, 17 Feb 2006 12:57:54 +1100 Message-ID: User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux) Cancel-Lock: sha1:Xb5BkJcXZPP8ElYdyEcpmiqsuCY= MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii NNTP-Posting-Host: snoopy.microcomaustralia.com.au X-Trace: news.melbourne.pipenetworks.com 1140141475 202.173.153.89 (17 Feb 2006 11:57:55 +1000) X-Complaints-To: abuse@pipenetworks.com X-Abuse-Info: Please forward all headers to enable your complaint to be properly processed. Path: g2news1.google.com!news2.google.com!news4.google.com!news.glorb.com!newsfeeds.ihug.co.nz!ihug.co.nz!news.xtra.co.nz!news-south.connect.com.au!duster.adelaide.on.net!news.melbourne.pipenetworks.com!not-for-mail Xref: g2news1.google.com comp.lang.ada:2922 Date: 2006-02-17T12:57:54+11:00 List-Id: >>>>> "Anonymous" == Anonymous Coward writes: Anonymous> I'd like to start with a war story: A big hurdle I find (not just in Ada software) is that the API Mr Safety carefully designed and implemented is insufficient for the requirements of the project. As a result, and due to demands from management to get the project finished Yesterday, Mr Safety is forced to expose a lot of the inner workings which he never intended. The reason why the API was insufficient? Because Mr. Safety didn't understand all of the requirements. The reason? Because management considers the design phases of the very complicated software a complete waste of time and money. Bugs will occur anyway. What is the point? However, Mr. Safety wanted to try to do the right thing. So he tried to do the design. Unfortunately he couldn't see into the future for what would be required, as Management considers each modification as a totally isolated project. Not only that, but Mr. Safety wasn't given time to document the API. As such other programmers tied themselves up in knots, either by continuing to do things in obsolete ways, or by making changes to the API that aren't required and break other things in horrible ways. This can lead to conflicts between Mr. Safety and the other programmers in doing things the "correct way" vs the "quickest way" with management supporting the later. Not only that, but even Mr. Safety wasn't sure how the API was meant to work, as he wrote it years ago and hasn't had an opportunity to look at it since. During this time other developers have gradually been changing it in ways which look totally inappropriate and Mr. Safety doesn't understand. At the end of the day, management gets code that appears to work, and they are happy. Other code might be completely broken and need fixing, but that is rule rather then the exception in such projects. These issues occur regardless of language - admittedly this isn't Ada, and isn't even I strongly typed language, but I think Ada wouldn't help without significant culture change. If on the other hand you built a house and then tried to design it in a similar manner, I could imagine: Customer: "Build me a house, and put it right there please." Builder: "What are the requirements of this house? Is this your property? How many bedrooms? How many bathrooms?" Customer: "What is this? Don't waste time. I want big rooms. Just build me a house, and quickly too, so I don't have to pay you too much." [...] Builder: "Your house is finished. If there are any problems, please let me know". Customer: "I like the very large lounge room with the big windows. How do I get inside?" Builder: "Just smash a hole in the Window like this, until you can fit inside. Try not to cut yourself." Customer: "Is this secure?" Builder: "Off course it is. No intruder would dare try to enter at the front." builder to himself: "...as long as the back door, with all the signs 'Emergency entrance here! No key required!', remain a secret." [...] Customer: "I need the toilet. Can you please show me the way?" Builder: "Whoa! You didn't say you wanted a toilet! I only built a lounge room. The toilet would require water connections, sewage connections, another floor, council approvals, and will cost you extra." Customer: "I thought a toilet was standard. I also want a bathroom too. A stranger I met on the street said a bathroom is always a good idea. This is unacceptable. Don't waste time with the council approvals, just finish my house!" [...] Builder: "Here is the extra story attached to the roof of your house containing a bathroom and toilet. As an extra bonus I have also given you a shower and a big Spa bath. You can get to it by climbing out the main Window. The addition should be secure, I used plenty of duct tape." Customer: "Spare me the technical details. Is it finished or not?" Builder: "It is finished." Customer: "Can you make my new oven work when it gets delivered?" Builder: "umph. There isn't a Kitchen." Customer: "What is the kitchen anyway? I don't know what it means. I purchased an oven, it a good one, because it was expensive, and the Microsoft representative told me to get this one. Just get it working. He said it would produce anything from roast meals to cakes and biscuits with minimal effort." Builder: "I think you want a Kitchen. Let me see... That would require an additional story, additional plumbing, ..." Customer: "Whatever, just do it." [...] Customer: "The oven doesn't work! The Microsoft person told me it was your fault." Builder: "You didn't tell me to connect it! Is it Electric or Gas?" Customer: "I don't know the process. I just wanted you to make it work when it gets delivered." Builder: "It is not even delivered yet? No wonder it isn't working. Is it Microwave, Electric or Gas?" Customer: "How am I suppose to know? You tell me!" Builder: "I could do this job faster if you told me. Besides, connecting ovens really isn't in my job description..." Customer: "This is beyond a joke. Who knows what on earth you are talking about anyway." [...] Customer: "It is getting dark. How do I make it light?" Builder: "What? You want lights? Do you want an electrician?" Customer: "No! I don't even understand anything you just said. Just make it light!" [...] Customer: "Where do I put my bed?" Builder: "In the lounge room. In front of the big window that looks out towards the big shopping centre. I surely hope you don't need privacy?" Customer: "No! Whats that?" [...] Customer: "Your house you built me was faulty. It was buggy and crashed into the old house underneath. All I did was remove the duct tape so I could re-program the bugs. It didn't meet any of my requirements either. My oven doesn't work either - it just gets very hot. I will send you a draft copy of my requirements later. I want a full refund, and I want you to fix up the damage to the old house." Builder (horrified): "You did what with the duct tape??? [...] What old house underneath??? [...] There were no bugs when I left it. Besides how do you re-program a bug??? Do you even know what you are talking about?" Anonymous> Do you folks encounter this frequently? And what's the Anonymous> solution? Management can never appreciate the benefits Anonymous> of concepts like type safety. Strong typing is Anonymous> incorrectly viewed as "academic" and counter to Anonymous> progress. I have seen web pages dedicated to discussing why strong typing systems are bad and slow implementation, and the world would be a much better place if everyone used typeless scripting languages instead. Then people ask how come so many web pages have obvious and known security holes. There was a talk at the Linux conference (LCA2006), New Zealand, in fact. The speaker wrote a program designed to check websites against obvious attacks, such as not quoting user input before displaying it back as HTML to the user, or displaying unquoted user input (meaning HTTP post variables) in SQL error messages. He found so many security problems in common websites around the Internet he refuses to distribute the code for fear that attackers might use it. These things shouldn't happen! Oh well, such is life... I only hope that software written for mission critical applications is better... -- Brian May