Open eyes Working brain

So, Google is going to kill Wave.

But despite these wins, and numerous loyal fans, Wave has not seen the user adoption we would have liked. We don’t plan to continue developing Wave as a standalone product, but we will maintain the site at least through the end of the year and extend the technology for use in other Google projects.

That’s a great example of why “do one thing well” is better than “do it all”. Not only because, as Gall’s law implies, it’s easier to get a simple system straight, but also because once you get a complex system straight, you still have to make people get their mind around it. Wave made chat and e-mail play well together, with a great replay feature, bots and translation. Twitter gives short text updates. Adoption declared the winner, but we already knew it.

We live in times of complexity, and even though neat technologies and elegant software can be found at times, the market is still definitely dominated by absurdly heavy solutions. Enterprise is imploding and a wind of change towards more sustainable approaches is blowing all around us, yet the mainstream scene is comparatively stagnant and all the pain inflicted to people is not really causing the deserved rebellion.

Why is that? Why when confronted by the possibility of rewriting their untestable bloatware, customer’s reply is almost always invariably “No, we don’t need it. We’ll just have to fix known bugs and add a couple of features, because right as it is, the software works ok…”?. What does “works ok” really mean? In my experience, it translates roughly to “The software does not physically blows up our office, it does some of the things we need to do, and over the years our employees have developed a thick skin against all the nuisances and a baggage of manual tricks, passed on by mouth, to get the rest of the work done anyway. Oh, and we already paid a lot for it”.

Recently, i got a taste of this mindset myself, when i booked online 2 tickets to Avatar at the local cineplex

“Hello this is my reservation code”

“Sorry Mr, those seats are reserved”

“Sure, by me”

“No, actually by others”

“What? see, i made this online reservation…”

“I see, but we take reservations both online and by phone, sometimes they overlap and phone is given priority”

“Overlap?! No trust me, i am a programmer, overlapping reservations are not supposed to happen, because your system has to take care”

“Oh, but evidently it doesn’t”

“WTF?!?!”

“Please, don’t get mad, i am gonna give you other seats. Today is not even bad. You should see how many angry people we must manage during christmas holidays when all movies are sold out!”.

Now, given that reservation means “An arrangement by which accommodations are secured in advance”, how would you rate a reservation system that does not guarantee secure accommodations? Like a fish unable to breathe underwater, yet they live with it, and this takes me to the point.

First, humans are best when it comes to adaptation. That means we naturally adapt to pain so that we don’t feel so bad, and adapt to pleasure so that we don’t feel so good. Perception of any external stimulus in the end comes to balance. Barry Schwartz in the Paradox of Choice says:

respondents were asked to rate their happiness on a 5-point scale. Some of them had won between $50,000 and $1 million in state lotteries within the last year. Others had become paraplegic or quadriplegic as a result of accidents. Not surprisingly, the lottery winners were happier than those who had become paralyzed. What is surprising, though, is that the lottery winners were no happier than people in general. And what is even more surprising is that the accident victims, while somewhat less happy than people in general, still judged themselves to be happy.

Second, humans are also very bad at admitting sunk costs. The idea of having spent money on something not worth is the ultimate inconvenient truth. Again Barry

Aversion to losses also leads people to be sensitive to what are called “sunk costs.” Imagine having a $50 ticket to a basketball game being played an hour’s drive away. Just before the game there’s a big snowstorm—do you still want to go? Economists would tell us that the way to assess a situation like this is to think about the future, not the past. The $50 is already spent; it’s “sunk” and can’t be recovered. What matters is whether you’ll feel better safe and warm at home, watching the game on TV, or slogging through the snow on treacherous roads to see the game in person. That’s all that should matter. But it isn’t all that matters. To stay home is to incur a loss of $50, and people hate losses, so they drag themselves out to the game.

Third, as brilliantly pointed out by Ryan Brush’s “Code is Design” in 97 Things Every Programmer Should Know and by Gabriele’s “Waterfall Pitfall #1″ (italian), uninformed most people understand software construction in terms of the better known building construction. Now, since programs are built out of bytes (not bricks), which are practically nothing, using mind (not excavators), which has no physical constraints, actual construction must be very cheap. This gives them the false hope of having an easy exit strategy at their disposal: fixing the software when an emergency comes up. Would they wait for a defective bridge to show the first cracks before attempting to fix it? Their unconstrained minds seem to be unable to realize that story construction aka book writing, built out of words, might represent a more fitting comparison and that The Divine Comedy took Dante, a renowned genius, more than ten years to finish.

Last but not least, mainstream has made a really good job at covering mistakes of incompetent programmers. From the almost sandboxed life cycle of a php script, to the rigid syntax of java and its self-correcting IDEs, to the plethora of useless certifications, great efforts have been devoted to make any primate with opposable thumbs able to program with very limited competence. Many and cheap, that’s how economy of scale is supposed to fail work, and that’s how we got this horde of unprofessional programmers sacking the best projects.

All of these points help to explain proliferation of crappy software. Maybe, they get it from some body rental which pays more for advertising than for the army of juniors that actually does the job. At the beginning it hurts, but they spent good money and cannot afford to accept failure, so lies are told and more time and money are invested to improve the situation. Then workarounds, albeit inefficient, come and direct suffering somehow decreases. Eventually, the pile of workarounds becomes part of company culture, and all is back to balance: the software starts working ok.

Unfortunately, this means that the quest for better software workflows can hardly come out of necessity, it must come out of vision, and vision takes inspiration fed to working brains then time for the masses to catch up. With Universe hopefully taking care of latter two, i like to think we, professional programmers, are those in charge of the former.

Having recently read RESTful Web Services, i wanted to write about the most interesting of my REST-induced epiphanies:

Form based authentication with its login/session/logout workflow, which is currently dominant on the web, is hopelessly broken.

To understand why, one has to grasp how the greatest living RESTful implementation, the web and its backbone protocol HTTP, was meant to work. In a nutshell, there’s a server that keeps the state of the web application, split into meaningful resources. Each resource has its own name (URI) and a set of available representations of itself. That’s all the server knows. Then there’s a client that acts as a finite state machine visiting resources, getting representations and then moving to other resources through links and forms. The state of the conversation, the session, where a client has been and where it is now, is something that belongs to the client. Server drives the client by feeding him a graph made of states and links to other states, but it’s the client who is in charge of following a path. That’s statelessness, the simplifying property that made the web triumph as a darwinian winner.

In this view, authentication should have been largely a client-side business.
The client visits resources anonymously. If it wants to be authenticated, it just starts sending authentication data with each further request. If it wants to be anonymous again, it just stops. It could as well send a mix of authenticated and anonymous requests.
The server doesn’t care of what happens between requests. If a single request carries authentication data, it checks the data and possibly replies as if the client were authenticated. If a request has no authentication data, a generic response is returned. There’s no server-side login through a form, there’s no server-side logout, and above all, there’s no temporal ordering between those two and hence no server tracked session. All of a sudden, the beauty of this comes with great force. By delegating authentication to the browser using the standard HTTP mechanism we can greatly simplify application code.

Unfortunately, in reality this is not the case. During its race to the top, HTTP lost part of its original vision, mainly due to implementation mistakes.

1. The specs failed to hit the sweet spot of authentication security. They standardized Basic Authentication which, by sending user and password in plain text, scared people to death and Digest which, due to its complexity and required server cooperation, never really caught on. A client-side mechanism with cheap yet reasonable security such as WSSE UsernameToken, later adopted by atom, would have been optimal.
2. Browsers took away login from client’s hands by showing the popup dialog to input user/password only after a 401 http error code from server. There should have been an always visible “login” button since the specs said “A user agent that wishes to authenticate itself with an origin server–usually, but not necessarily, after receiving a 401…”.
3. Browsers practically took away logout from client’s hands by requiring to close the browser in order to clean the passwords cache. There should have been an always visible “logout” button.
4. Browsers gave no chance to customize the ugly and annoyingly modal login dialog. HTML and/or CSS could have been used.
5. Browsers gave no client-side storage needed to keep session data but again turned back to server with cookies. They should have given something like upcoming HTML5 localStorage and sessionStorage.

Now there’s not much that can be done short of a collaborative effort by all browser vendors. Meanwhile we can keep dealing with authentication in application code on the server, in a never ending pile of custom solutions, each one slightly different, for yet another pretty standard problem. A problem solved 15 years ago.

The browser is emerging as the best platform for applications, so a large community is growing to address its final weakness: speed. Google, Yahoo and various independent programmers are all pushing a bunch of clever techniques to boost performance and please end users. That’s nice, yet as Mark Twain once said, half of the results of good intentions are evil and i see potential danger in many of the suggestions made. Here a representative short list of them:

• Avoid for-in and forEach in favor of optimized while loops
• Before making modifications to a DOM node remove it and then re-insert it
• To insert multiple DOM nodes, first insert them into a Document Fragment and then add it to the DOM
• Join all scripts into a single file
• Load javascript files on demand

Let’s make it clear for once, execution speed is not a human problem, that’s what computers are for, they execute our commands fast. The human problem is programming speed and writing down clear, readable, maintainable commands aka programs. forEach loops make sense to me, they say “i want to do something on each item”, optimized while loops make sense to computers. If i want to add DOM nodes or modify one, i don’t care of removing it or document fragments, browsers care. To me it’s just noise. Almost all of the problems addressed by those techniques stem from lack of smartness in the browser, and that’s where fixes belong to, on the machine side. The fact that there are inept browser makers is no excuse. Fixes still belong to the machine, they’re repeatable and can be made automatic. We have a long history of programs automatically converting human friendly code to machine friendly code. They’re called compilers and the output either machine code or optimized javascript doesn’t matter.

So, learn about javascript performance since knowledge is always the way, but don’t turn yourself into a machine, you’d be an awful one. Use the tools and wait for browsers to catch up.

• Aptimize
• Closure Compiler
• YUI 3 use

If i had to award the best talk at GTAC 2009, the no-brainer choice would be Prof. Niklaus Wirth opening talk. That’s not surprising if you consider who the speaker is, one of the great pioneers of computer science in the field of programming languages. What’s most surprising to me is that he presented a (pre)historical review of problems which turned out to be incredibly relevant today and, somehow, forced me to reframe my understanding of testing.

Building on 1972 Dijkstra dismissal of software testing

program testing can be a very effective way to show the presence of bugs, but is hopelessly inadequate for showing their absence.

Wirth explained that testing is treating symptoms instead of the disease, with the disease being our failure to prove correctness of programs by analytical means. This failure has its roots in distant past but it still holds today with languages and tools too complex and unreliable. Languages and tools providing proper abstraction, really hiding the system beneath, would give us the simple and rigorous ground to make programs easy to prove correct, so that no testing would be needed. Unfortunately, this looks far from happening

Programming languages are further from being mathematically nice than they were 50 years ago! They’re huge and complicated. They contain big libraries, and most of a programmer’s time is spent finding and learning the right libraries.

and again

What progress has this field actually made? We still struggle with the same problems as 50 years ago: iteration times, debugging, scratching our heads trying to figure out what went wrong.

How insightful! Empirical evidence that computer science made no sizable improvement in software construction is everywhere. It’s like a hamster in a wheel, running nowhere. Why is that? Maybe, we’ve been piling leaky abstractions on leaky abstractions, apparently hiding information without really simplifying, to the point where progress is drowning in complexity.

Testing is a nice way to easily lay down executable specifications, yet it requires maintenance and quickly degrades as we try to cover more cases. But when we code we have the chance to write self-describing programs which are executable specifications, reducing the coverage of tests needed, ideally to zero.

What does it mean in practice? Whenever it’s possible one should aim at declarative code. Domain specific languages and functional programming come to mind. The point being, if a program matches closely its specification, what’s left to test?

def factorial(n)
    if n == 0
        1
    else
        n * factorial(n-1)
    end
end

It’s becoming clear to me that a programmer is probably closer to a craftsman than a scientist. The craftsman greatest strength is mastership of his tools. So just as the carpenter masters the plane to shape wood, the programmer must master a text editor to shape programs. I’ve spent enough time wandering aimlessly around a lot of editors and IDE’s. It’s time for me to settle down, make a competent choice and take the years needed to become proficient in it. I wanted something possibly simpler, light and which would leave me in control. That means an editor over an IDE, but which one? I did some deep research and after an endless stream of positive reviews backed by Gabriele “warm” suggestion, i bought “Learning the Vi and Vim Editors 7th edition”. Vim is 1991 software based on a 1970s one, and it’s great. Btw my second best was emacs, another 1970s software. This must say something about advances in text editing software industry. Anyway, now that i’ve finished the book and daily using Vim, i realize its very existance is relevant to the “simplicity in software” debate.

Is Vim amazing software? Yes. Is Vim simple? No. This could imply that simplicity is a highly overrated software value, but i think it’s not. It just implies that, as any other thing under the sun, simplicity is a relative value. Relative to what? I guess to user’s knowledge of the domain. Let me explain.

Simple software is one that provides a few objects and a few rules to compose those objects coherently into newer more complex abstractions. This makes an optimal hotbed to learn. Few objects are easy to understand and remember. Few corner case free rules give confidence while exploring the unknown. It’s important that the learner is not exposed to further possibly useful complexity which is not ready for yet. Only some to ignite inspiration, but greater power cannot come a priori, but as a consequence of greater understanding of the domain. This way user and software evolve together.

“Good” Complex software, which still tries to minimize basic objects and rules and completely avoid corner cases, may ship equipped with many levels of abstraction relevant to the domain. That’s for the sake of efficiency, so that the skilled user will be able to manage complex scenarios by quickly referring those abstractions. Give something too simple to the master and he will end up bored and unproductive. Give something too complex to the apprentice and he will run away confused.

Vim is extremely good and complex software which comes with a plethora of short keyboard commands to make any conceivable manoeuvre on text at top speed. Optimized for being efficient with keyboard, which already happens to be the most efficient input device, usually much better than mouse. That’s heaven for touch typists as i am. The nice thing about efficiency is that it can be easily quantified by time. Same goal, the faster the better.

Let’s close with a fulgid example of vim capabilities with a common editing pattern: swapping two words.
An usual hybrid keyboard/mouse approach on windows:

• Select the first word (click/drag the mouse or double click)
• Cut (ctrl+x or right click and use menu)
• Move the cursor after the next word (move the mouse and click)
• Paste (ctrl+v or right click and use menu)

I guess it takes 3-4 seconds to complete correctly

Vim keyboard based approach:

• type dwwP

An average good typist can do 50 wpm which means it takes about 1 second to type 4 characters. That’s efficient.

The more i read about psychology the more i feel it’s compelling knowledge to anyone especially in the software business.

The Paradox of Choice by Barry Schwartz is enlightening on this respect. Humans inherently crave control, autonomy, self determination and so choices which are natural means to express this essential demand of freedom. Yet, humans used to have simple lives with limited amount of choices. Now, in these days of exponential growth and exploding options, they just can’t cope anymore. They’re overwhelmed by escalating possibilities in all fields of life ending up paralyzed, frustrated, dissatisfied if not plain depressed.

Schwartz comes to the conclusion that, to relieve distress, they have to fight back their inner impulse and learn to accept some constraints are good, that simplicity, more often than not, can be the golden path to well-being. In a later talk at Google, he goes as far as pointing out that software/product makers should embrace libertarian paternalism, which in a nutshell means: give them choices but also apply soft contraints to ease their path to “good” decisions. Those that will probably make them better.

Greek Diners in New York City. Their menus are about a thousand pages. There is no dish anyone has ever eaten it isn’t somewhere on those menus and tucked in the front cover of the menu there’s a little piece of paper with “today’s specials” – four or five items. Inadvertently you create an insoluble problem by giving people 10,000 things to choose from and then you solve it for them by giving them today’s specials and people are driven to choose, take your advice, take your recommendation.

This sheds new light on the company vs customer, simple vs full featured software picture i’m still trying to figure out. As Don Norman puts it “People want the features” and “Features win over simplicity” and as Joel Spolsky notices “With six years of experience running my own software company I can tell you that nothing we have ever done at Fog Creek has increased our revenue more than releasing a new version with more features. Nothing.”. That’s obvious. That’s what people naturally do, the way society drives them to do: Manifest control by claiming more options, more variety.

But then there’s the other side of the coin. Many of them will reject using such software or at least defend themselves by restricting to very basic usage and, in the end, they’ll feel bad about it. Empirical evidence is already there in stats about unused features. People also seem to feel it as the great success of “for dummies” books and simplicity buzzword in advertising underline. Using Schwartz words:

A majority of people want more control over the details of their lives, but a majority of people also want to simplify their lives. the paradox of our times.

Customers bombarded by never ending stream of choices and responsabilities are to me much like children in need of a good parent. So companies as anyone really or virtually in charge of other human beings are subjected to the same old ethical question:

Do we care for us or for them?

Are we in the business of making money or in the business of making happy customers?

If you like me value the latter, then maybe, it’s time to start acting as a lovely father who takes best choices for his offspring but as they grow safe, empower them day by day. Instead if money drives your actions, i just got one more question for you:

Do you think such economy is REALLY sustainable?