Wednesday, July 29, 2009

Security (Bug Fixes) is now a Major Industry


Have you noticed that Microsoft and other software vendors think bugs are a natural common place?

What I mean by that is that they EXPECT USERS to EXPECT BUGS in their products. I've been a software producer for nearly 30 years now, selling and supporting customers over the years and I don't expect BUGS to be a natural part of the process.

That said, yet, it is well understood bugs do happen and no software is 100% perfect, regardless on how great your are. While some products are managed by highly trained engineers (as myself) and QA is very important, there are times where a bug is discovered by others. "Shit happens!"

The problem is that BUGS have become so pervasive in the industry and in mindset of this generation of software developers, there is a whole industry developed around it, especially in the security area or bugs that cause security problems.

Its become so bad, companies like Microsoft has a regular scheduled BUG FIX update, like every month - and they have trained the mindset of the industry to accept this modus operandi of software product development,

Another problem is that vendors, especially Microsoft use the "BUGS FIX OF THE MONTH" schedule to ship and include new technology they wish to enforce on the user base. And these new technologies are not always top quality and will be part of future Bugs Fixes updates!

Its a tough situation because as a software product producer, we can understand the situation. But we are not one to play this poor QA game to begin with and that is my beef.

Why did it happen?

Well, its hard to point fingers but I have my take on it:
  • Open source market,
  • More complexity,
  • Higher Dependency on 3rd party software,
  • Smarter IDEs,
  • Scattered support process,
  • Developer are less trained as Engineers - problem solvers,
  • And too much FREE software!
Overall, when you have less control of your software development, libraries and tools, you are prone to suffer the issues that are within the software you less understand and did not developed.

For example, for the Wildcat! Interactive Net Server product line, there are a few millions lines of code. We developed nearly 99% of it all in house. We hardly ever use 3rd party software, and in the rare case we do use 3rd party technology, we only do so with 100% complete understanding of what it does and what issues it has. Doing the design process, we know what every function call does. There are no surprises or unknowns. Its not a guessing game in how a function, blackbox or component is going to behavior. When you don't fully understand something, the risk is higher for problems.

So much of the software products out there are open source, and worst based on other open source. So if one part is broken, all of those products using the broken open source, is broken as well. A good example of this is WebKit which many browsers use. If webkit is broken, all of these browsers are broken. And this is just one small example. There are thousands of examples out there.

There are good and top notch open source software, so that is not a big part of the issue.

A bigger part is the complexity, less documentation. Since you didn't write it, you will spend a lot of time figuring it out. Good developers will roll up their sleeves and figure things out. Unfortunately most do not because of the complexity and when help is needed, many times help and support is unofficial, based on user-support forums and extremely time consuming. For example of this, most vendors have Newsgroup Support Groups and if you ask the question in a way people can understand, many times you get help. You may have to wait a few days and its a pop luck if you do get the help. That's because the vendors have push the support process to the users - users help users. A good low cost idea to help solve vendor QA problems!

It has become so complex, you need smart Interactive Development environment to assist you in putting together applications. Its like a puzzle. Take many parts, including open source, logically put it all together, press a button and viola - you have a product executable!

For many, that's good enough! they do a little testing, package it up and distribute it. It is far cheaper today to let users find problems and report them to you. After all, its no chip off your shoulder. Users expect it.

Only the good developers will use the feedback and solve the problems. Others will use either ignore it or wait for others to complain. After all, its free! How dare you complain and expect fixes!?

But overall, it happens because many developers have lost control of their design, development, quality testing, documentation and production - the traditional five stages in Software Engineering! The smarter IDEs allow kids 10 - 16 years old to write great software - but they are generally BUGGY AS HELL!

If you are not getting paid, they is less incentive to fix problems - yet, the software is "good enough" to release to the world for others to use and propagate the issue!

The industry has been molded to accept this practice!

--
Hector Santo, CTO
Santronics Software, Inc
http://www.santronics.com

Tuesday, July 28, 2009

Getting a FaceList



Well folks, I finally swallowed my pride and join FaceBook. Primarily to get together with the family who are ALL on FaceBook, but also to learn of its features.

So what is the secret of FaceBook?

Well, its complete sharing of information.

Duh, you might say.

Right. But sharing information was always considered a taboo - a violation of privacy rights so older software, such as our 25 year old Wildcat! Interactive Net Server hosting package, it never allowed sharing of information.

But that will change, Wildcat! 7.0 promises to bring sharing for customers who want to have their "own Facebook" like system. Heather, my daughter, helped me realized that I have change with the times in order to survive. Heather and I are starting a new business where you can collect all your electronic messages in one area. Its really nothing new, but it will be done via the web and it will have FaceBook and Twitter features too. We have a demo at myfeathernet.com

Well, facebook is fun I must say. You have to give up some of your privacy, but that seems to be the norm today. So be it. My cousin Tara had a favorite word today on Facebook - UPDATE! What is exactly how I feel - I must UPDATE to conform. :-)

--
Hector