Moxie Marlinspike is a legendary figure in security and software development. I last wrote about him and his fight to keep our data safe from governments and other prying eyes 9 years ago. He’s still at it.
At the recent Black Hat Conference, Marlinspike took a few minutes to give his views on the state of software development. He blames its current deplorable conditions on Agile but what he really means is layers and layers of abstraction that prevent the developer from understanding what is really happening with their software.
His message really resonated with me. I have long thought the same, at least about the layers of abstraction (I have no experience with Agile). You see this dynamic with MIT abandoning their famed SICP course in favor of teaching about using libraries to control robots or something. My problem with that—putting aside the offense of getting rid of SICP—is that students aren’t learning the fundamentals of computer science and what the machine’s really doing.
I addressed this same issue in my Is C Useful For Understanding How Computers Work. If you only know how to use high level languages and libraries that are black boxes to you, you will never understanding what’s really going on with your software.
The difficulty is that our corporate industry leaders love this stuff because it enables them to produce loads of software faster and easier. The problem is that no one, including the developers, really understand what it’s doing. The result is exploit after exploit. And, as Marlinspike says, a lack of joy on the part of those writing the software.