Poor Design Is Not a Bug

Tim Barcz — Fri, 26 Nov 2010 03:37:18 GMT

Ayende recently posted a an article titled “Where is the bug”. While reading the comments, I was disappointed by some of the answers to Ayende’s request to find the bug. Here are two of the comments that stood out to me:

“You could argue the biggest bug is the use of a switch statement as it violates OCP.“
“The use of a switch statement is a bug in itself.“

What bothers me so greatly is people’s inability to separate design discussion with bugs. A bug is defined on Wikipedia as:

A software bug is the common term used to describe an error, flaw, mistake, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways

The two comments above don’t attempt to solve the bug and instead take an “ivory tower approach” to the problem (more befuddling is that removing the switch in favor of something else would leave the bug in place). This bugs me because we (as an industry) continue to care very little about the output and meeting of customer/business needs and more about code structure and semantics than actually working code.

Let me state for the record, it is perfectly acceptable to talk about code structure and design but please let’s not confuse a bug – an actual error or flaw in code – with poor design.

(I think it’d be humorous for Ayende to post some perfectly fine code and ask “Where’s the bug” and watch people trip over themselves trying to find something wrong)

What to Make of Intel Buying McAfee

Tim Barcz — Thu, 19 Aug 2010 20:39:00 GMT

James Senior posted on his Twitter account:

“oh dear lord no. why intel, why? http://ow.ly/2s2dm reminds me of when Intel got into the hosting business. http://ow.ly/2s2fT”

James is referencing an article posted by the BBC on the recent news of Intel’s takeover of McAfee for 7.68 Billion. While I agree with James on Intel’s foray into hosting – of course hindsight is 20/20 – I disagree with his position on this particular deal and here’s why.

Despite the rapid growth over the last 15 years of PC’s, viruses are still problematic. Despite continual efforts at training the masses, viruses still are far too prevalent. Additionally the methods for exploitation continue to spread and evolve faster than the education can keep up with. For example, by now, the vast majority – save your grandmother – knows not to open executables sent via email (largely this practice is blocked at the email level anyway). A smaller, but still growing population have learned to not open attachments from people you don’t know. And yet viruses at times runs rampant.

The virus landscape has largely changed with a more sophisticated modern day virus writer. He/she is no longer malicious in their intent to infect your computer but instead often plant malware to consume and distribute private information on your computer. Certainly dangerous viruses still exist, but there’s less money in that.

Given that education can’t keep up (or thus far hasn’t proven to be able to keep up) with the changing exploits and security software saturation is still less than 100%, I see the move by Intel as a positive one. Imagine virus protection at the chip level. The virus uses the chip and it’s processing to do it’s damage. If the chip can refuse access to the virus, the virus is rendered ineffective.

In an environment with increasing questions/concerns about security threats, a chip maker who can offer it’s customers virus protection has a significant advantage over it’s competitors. Additionally, every computer has a CPU and saturation into the market would be swift as computers with this technology would be introduced into the market as people replaced their old PC’s.

In an interesting twist to this story, I could see Microsoft having interest in this particular marriage. Largely portrayed by many as insecure, a chip with protection renders the discussion about OS security potentially moot. Whether Microsoft would admit to it or not, it has skin in this game.

Overall, I think Intel’s choice is a strategic one and might prove be a great one. After over two decades of security software, software hasn’t been the answer. That doesn’t mean software couldn’t be the answer, however history has thus far shown software as a weak solution. It’s time for a game-changer. This could be the road to that much needed change.

Time will tell…

Tim Barcz : Commentary

Poor Design Is Not a Bug

What to Make of Intel Buying McAfee