On 08/31/2018 03:50 PM, Walter Bright wrote:
https://news.ycombinator.com/item?id=17880722
Typical comments:
"`assertAndContinue` crashes in dev and logs an error and keeps going in
prod. Each time we want to verify a runtime assumption, we decide which
type of assert to use. We prefer `assertAndContinue` (and I push for it
in code review),"
Yea, that one makes me cringe. I could at least understand "unwind the
stack 'till you're at least out of this subsystem, and THEN MAYBE
abort/retry (but not ignore)", though I know you disagree on that. But
to just...continue as if nothing happened...Ugh. Just reminds me of
common dynamic scripting language design and why I never liked those
languages: If the programmer wrote something nonsensical, best to do
something completely random instead of giving them an error message!
"Stopping all executing may not be the correct 'safe state' for an
airplane though!"
Honestly, comments like this suggest to me someone who's operating under
the false assumption that "stop all executing" means "permanently stop
all of the software running on all components of the plane" rather than
"stop (and possibly restart) one of several redundant versions of one
particular subsystem". Which suggests they only read comments and not
the article.
Interestingly, the same user also said:
"Software development often does seem like a struggle between
reliability/robustness and safety/correctness."
WAT?!
That's like saying, "Speaker design often seems like a struggle between
loudness versus volume." Each one *requires* the other.
Scary.
"One faction believed you should never intentionally crash the app"
I can understand how people may naively come to that conclusion: "Duh,
crashing is bad, so why would you do it intentionally?" But, of course,
the reasoning is faulty.
There's also the "It depends on your industry/audience. You're talking
airplanes, but my software isn't critical enough to bother with the same
principles." I wonder if it might help to remind such people that's
*exactly* how MS ended up with Windows Me:
This is well-known:
After Win3.11, MS decided that businesses required more reliability from
their OS than the home users needed. So they split Windows into two
product lines: WinNT for business (more focus on reliability) and Win95
for home (speed and features were more important).
Things started out mostly ok. Win95 wasn't quite as reliable as NT, but
not a gigantic difference, and it was expected. Then Win98...some more
issues, while NT stayed more or less as-was. Then WinMe hit. BOOM!
By that point, the latest in the WinNT line was "Win2k", which was STILL
regarded as pretty well stable, so MS did what's probably the smartest
move they've ever made: Killed off the 9x/Me codebase, added DirectX to
Win2k and called it "WinXP". And it spent a whole decade widely hailed
as the first ever home version of Windows to not be horrible.
So yea, I don't care how non-critical you think your software is. If
it's worth using, then it's important enough.
And on and on. It's unbelievable. The conventional wisdom in software
for how to deal with programming bugs simply does not exist.
In my observation, there doesn't seem to be much conventional wisdom in
software in general. Everything, no matter how basic or seemingly
obvious, is up for big, major debate. (Actually, not even restricted to
programming.)
[From your comment in that thread]
> fill up your system disk to near capacity, then try to run various
apps and system utilities.
I've had that happen on accident once or twice recently. KDE does NOT
handle it well: *Everything* immediately either hangs or dies as soon as
it gains focus. Well, I guess could be worse, but it still really irks
me: "Seriously, KDE? You can't even DO NOTHING without trying to write
to the disk? And you, you other app specifically designed for dealing
with large numbers of large files, why in the world would you attempt to
write GB+ files without ever checking available space?"
Seriously, nothing in tech ever improves. Every step forward comes with
a badly-rationalized step back. Things just get shuffled around, rubble
gets bounced, trends get obsessively chased in circles, and ultimately
there's little, if any, overall progress. "What Andy giveth, Bill taketh
away." Replace Andy/Bill with any one of thousands of different
pairings, it still holds.
And there's no motivation for any of it to change. Capitalism rewards
those who make more money by selling more flashy garbage that's bad
enough to create more need for more garbage to deal with the flaws from
the last round of garbage. It doesn't reward those who make a better
product that actually reduces need for more. Sometimes something decent
will come along, and briefly succeed by virtue of being good. But it's
temporary and inevitably gets killed off by the next positive feedback
loop of inferiority. Incompetence DRIVES capitalism; competence
threatens it.
