Book Image

Understanding Software

By : Max Kanat-Alexander
Book Image

Understanding Software

By: Max Kanat-Alexander

Overview of this book

In Understanding Software, Max Kanat-Alexander, Technical Lead for Code Health at Google, shows you how to bring simplicity back to computer programming. Max explains to you why programmers suck, and how to suck less as a programmer. There’s just too much complex stuff in the world. Complex stuff can’t be used, and it breaks too easily. Complexity is stupid. Simplicity is smart. Understanding Software covers many areas of programming, from how to write simple code to profound insights into programming, and then how to suck less at what you do! You'll discover the problems with software complexity, the root of its causes, and how to use simplicity to create great software. You'll examine debugging like you've never done before, and how to get a handle on being happy while working in teams. Max brings a selection of carefully crafted essays, thoughts, and advice about working and succeeding in the software industry, from his legendary blog Code Simplicity. Max has crafted forty-three essays which have the power to help you avoid complexity and embrace simplicity, so you can be a happier and more successful developer. Max's technical knowledge, insight, and kindness, has earned him code guru status, and his ideas will inspire you and help refresh your approach to the challenges of being a developer.
Table of Contents (50 chapters)
Understanding Software
About the Author
Customer Feedback
The Engineer Attitude
The Singular Secret of the Rockstar Programmer
Software Design, in Two Sentences
Clues to Complexity
Ways To Create Complexity: Break Your API
When Is Backwards-Compatibility Not Worth It?
Complexity is a Prison
The Accuracy of Future Predictions
Simplicity and Strictness
Two is Too Many
What is a Bug?
What is a Computer?
The Components of Software: Structure, Action, and Results
Software as Knowledge
Simplicity and Security
How We Figured Out What Sucked
Why Programmers Suck
Developer Hubris
"Consistency" Does Not Mean "Uniformity"
Success Comes from Execution, Not Innovation

Chapter 30. Simplicity and Security

A big part of writing secure software (probably the biggest part) is simplicity.

When we think about software security, the first question that we ask is, "How many different ways could this program possibly be attacked?" That is, how many "ways in" are there? It's a bit like asking "How many doors and windows are there on this building?" If your building has 1 exterior door, it's very easy to protect that door. If it has 1000, it will be impossible to keep the building secure, no matter how good the doors are or how many security guards you have.

So we need to limit the "ways in" to our software to some reasonable number, or it won't ever be secure. That's accomplished by making the overall system relatively simple, or breaking it down into very simple and totally separate component parts.

Then, once we've limited the ways in, we need to start thinking about:

"How many different possible attacks are there against each way in?"

We limit that by making the ...