Monday, March 17, 2014

I was discussing the design of a new piece of software with a co-worker and we disagreed pretty strongly on one point. Briefly: he wanted to write a layer dedicated to security; I felt that the tools available to us that implement security are sufficient. Who's right? Who knows? But it got me thinking about what makes good software design and why I didn't see the need for this layer.

All of us have different coding values and those values change over time. My current employer relates the story of a brand new college graduate with a Computer Science degree that he hired. Whip smart and... arrogant. He spent a day or two reviewing the existing code and declared that all the code was crap and needed to be re-written. He lasted another day before deciding that a startup would be more to his liking (I have no idea if he found that startup). At one point in my career it became my task to maintain code. Who wrote this crap! Yikes, it was me! I realized that working code does trump re-writes. That readable code trumps slick code. That Joel is right: Good software takes 10 years, get used to it.

And I realized that, perhaps paraphrasing Einstein, we should 'Make software as simple as possible, but no simpler'. As software developers, complexity is our enemy. We need to understand the multitude of tools available to us, and just as important, we need to understand the domain of the problem we are trying to solve. But we're not done yet; we still need to understand the abstractions we are building to implement our solution. We need to know a lot. It may not be rocket science, but the amount of knowledge that developers need to know is damn close.

Simplicity is our friend - we need to simplify. Microsoft has spent years creating and refining a security framework for the web. That framework has been used in thousands? hundreds of thousands? millions? of web applications. What gives us the hubris to think that we can write something better in a couple of weeks or even a couple of months? I bet Microsoft has spent more time simplifying that framework than I have to develop a new one. Hey, maybe the framework is insufficient, but let's find out before we add to the complexity and try to build one ourselves.