Minority Opinions

Not everyone can be mainstream, after all.

Obviously Correct

leave a comment »

I’ve been running across something of a theme lately. There’s something of an engineering principle that cuts across disciplines, into many aspects of life. As with much of engineering, it involves a trade-off, and can be tricky to pull off.

Dutch road designs call for design to be obvious so that correct, safe behaviour becomes the way that people will naturally drive.
David Hembrow

In a well-designed system, simple things should be simple, and the “obvious easy” way to do simple common tasks should be the correct way.
David A. Wheeler

Each of these quotations is from the context of describing a type of system has been designed in multiple ways, with some of those ways leading to safer behavior than others.

The author of the first has lived, driven, and cycled in various countries, and notices that people cycle more when they feel safer.  One of the ways to help cyclists feel safer is to keep them away from speeding cars.  Turns out that the same measures make both cyclists and pedestrians actually safer, not least by reducing the number of cars on the roads.

However, this goal is in direct conflict with a major design consideration of the traffic systems in other countries: throughput.  From a business perspective, it seems intuitively obvious that having more people get to their destinations more quickly leads to more productivity and/or customers, so political entities are pressured to allow traffic to proceed as quickly as possible.  Deaths are to be minimized, but not at the cost of traffic flow.

The second post discusses the ability of several computer file systems to store files with unusual characters in their names.  This flexibility, unfortunately, is often overlooked by the authors of general-purpose scripts, whose tools frequently fail to handle certain file names properly.  That has been the source of several security bugs, and many more minor problems over the years.  There are a very few people who like the flexibility, but even they have to work around other limitations, so why not limit file names to the (mostly) safe, common subset of characters?

There are other examples, once you start looking.  A common theme in web design, for example, involves mapping user input into database fields.  Certain languages make it extremely easy to stuff the input straight into a string, to be passed as SQL to the database.  The casual programmer fails to notice the nasty consequences of malicious input until the whole system gets compromised.  In contrast, other languages present a much safer set of wrappers as the obvious way to access the database; in practice, they each need to expose the underlying raw SQL interface for certain complex queries, but those always get extra attention anyway.

Rapidly replacing SQL injection in web application severity is cross-site scripting, where one user’s executable input is inappropriately output in the context of another user.  Again, there are programming and template languages that make it easy to spit unfiltered input straight to the browser, and those that make it easier to sanitize the output first.  Granted, the first makes it slightly easier to produce certain powerful constructs, but is it worth the cost?

Even programming language design comes into play.  Consider the following, from the Zen of Python:  “There should be one— and preferably only one —obvious way to do it.”  It doesn’t explicitly say so, but one aspect of Pythonicity is that the obvious way should also be the safe way.  There can certainly be power involved, but the power can frequently have a convenient, safe interface; consider the with block, for instance, which works extremely well to encapsulate resource acquisition.

That quotation is frequently used as a contrast to Perl’s TMTOWTDI, but in the context of safety I’m more inclined to compare it to C and C++.  The obvious way to do string handling in C is extremely unsafe, to the point of being a source of many security breaches.  C++ fails to hide that interface, but supplements it with one that is at least slightly more safe, if trickier to use.  They also expose memory access in unsafe ways, with C++ in particular hiding several pitfalls behind its most obvious interfaces.

Unfortunately, I’m not at all certain that I’ve been any better at designing interfaces that are safe to use in the obvious ways.  Perhaps a measure of that is a cultural mentality, considering the next line of the Zen: “Although that way may not be obvious at first unless you’re Dutch.”  Is there a reason the best roads and the best programming language are made by the same people?  Is it something the rest of us can learn?

Advertisements

Written by eswald

7 Jun 2011 at 10:24 pm

Posted in Cycling, Technology

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s