On Sat, Aug 7, 2021, at 14:02, Sagar Acharya wrote:
> I have written this article at the link below.
>
> https://designman.org/sagaracharya/blog/pretend_computer_security
>
> It enhances the value of suckless by pointing the problems in gigantic
> softwares. Let me know what you think.
I'm reminded by the old Hoare quote (from 1980!):
> There are two ways of constructing a software design: One way is to
> make it so simple that there are obviously no deficiencies, and the
> other way is to make it so complicated that there are no obvious
> deficiencies. The first method is far more difficult. It demands the
> same skill, devotion, insight, and even inspiration as the discovery
> of the simple physical laws which underlie the complex phenomena of
> nature.
I've certainly noticed in the software I write that complexity tends to
be a graph roughly like:
complexity
│
│ ---
│ / \--
│/-/ \--
└───────────── time
As my understanding of the problem and various solutions increases, I
can reduce complexity.
The more complex solution(s) however, *do* usually work and are "good
enough", in a way.
I'm also reminded by this https://github.com/lukego/blog/issues/32
> Joe wrote amazingly simple programs and he did so in a peculiar way.
> First he wrote down the program any old way just to get it out of his
> head. Then once it worked he would then immediately create a new
> directory program2 and write it again. He would repeat this process
> five or six times (program5, program6, ...) and each time he would
> understand the problem a little better and sense which parts of the
> program were essential enough to re-type. He thought this was the most
> natural thing in the world: of course you throw away the first few
> implementations, you didn't understand the problem when you wrote
> those!
I suspect TDD and strong emphasis on testing in general (which isn't
necessarily a bad thing btw) may play a part in this: you can write any
ol' crap, throw a bunch of tests at it, and fiddle about with it until
it passes the tests. Okay, great. But "passes tests" doesn't
automatically mean it's "good".
