A small group of programmers wants to change how we code—before catastrophe strikes. https://www.theatlantic.com/technology/archive/2017/09/saving-the-world-from-code/540393/
It is a long-winded article but I read it and I was quite surprised by some of the things he said, like he says many bugs are introduced because coders don't plan their project properly before they begin coding it. When I learned C many years ago, one of the things I learned within a few months of actual coding is, writing the code is the easy part, it is the frosting on the cake. The hard part, the actual cake making, is figuring out the logic. You have to draw it out step by step to visualise the entire flow. Then you can start to say, OK, in order for this to work, I have to make this happen before that happens, but only if the other happens, and if the other doesn't happen then this, this, and that has to happen, but only after this happens, etc. etc. That can get very tricky when you are juggling multiple possibilities at the same time, and if you overlook one thing, the entire project is broken. So you must plan it out carefully first. If you don't, and this has happened to me, you get in the zone, you are 100% focused, you start coding. You code and code and code, you implement some very clever algorithms, quite complex math, all working perfectly, you're congratulating yourself on how smart you are, and then you stop and look at what you spent half the night working on and then suddenly it dawns on you. This is all wrong!! I just coded myself into a wild goose chase!! This is not even close to doing what I started out to do!! I thought all coders had been there, done that, knew that.
As for the main point of the article, I think coders are already too much removed from the underlying code by the way coding has become a job of hashing together a bunch of pre-written building blocks of code without even looking at the code in them, so whatever errors/exploits might be contained in those code libraries become very pervasive, used over and over again. This is why the NSA-weakened random number generator in an SSH library went unnoticed for a decade. I don't know where most of the currently exploited errors lie, but it would not surprise me if most are hidden away in black box .dlls. So to create a new system of GUI-based coding where the user doesn't even need to know how to code, just how to design, is probably going to make the problem of unseen code exploits worse.
Not scare tactics at all. The company I worked for had an analysis program that we sold as an add-on to the data that was collected. It was very complex. I was transferred to the research lab and one project I was given was to trace a couple of levels of data through the code. Holy Cows. One thing I found so many examples of was one section of code would take variables a and b and calculate c. Then in another section of the code they had the variables c and b and were calculating a. I bet that alone went on almost 100 times. Too many fingers in the pie and no one knew what the other was doing. And today's complex code made that a simple thing. Who knows what bugs and errors lie in the code today, and today this code controls some vital systems. Scary indeed.
Yes it is, and you know, I never coded as a regular job for an employer but I know guys who do, and you know what sitting at a computer coding all day does to a person? It makes them sleepy as hell at work. Especially by the afternoon. I have seen people literally asleep, still sitting at their computer, and it's not their fault. But what kind of mistakes did they make prior to that, every day?
Thanks for the summary, the article was way too long, and they also use a nasty anti-ad-blocking system. But it's indeed an important subject, hopefully the quality of coding will become better.
I think basically what the guy is advocating amounts to GUI-based programming, so you design the application and it creates the code. Not a new idea, website IDEs have been doing that for years.
If some coders developing on Windows had a little bit of interest in how UAC works, their softs wouldn't ask for elevation for non-admin tasks, then people wouldn't get annoyed by it, they wouldn't disable it, and they wouldn't be infected as much as they are now.
If you just switch a few of your words around you would get ... If we act like we don't know how to code for UAC so our softs keep asking for elevation for non-admin tasks, people will get annoyed by it and disable it so we can then ....