Softpanorama (slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Real Insights into Architecture Come Only From Actual Programming

There are a lot of quality general architectural resources available from the Net, therefore the list below represent only some links that I am interested personally. The stress here is on skepticism and this collection is neither complete, nor up to date. But still it might help students that are trying to study this complex and interesting subject. Or perhaps, if you already a software architect you might be able to expand your knowledge of the subject. 

The primary purpose of Software Architecture courses is to teach students some higher level skills useful in designing and implementing complex software systems. In usually includes some information about classification (general and domain specific architectures), analysis and tools.  As guys in Breadmear consulting aptly noted in their paper  Who Software Architect Role:

A simplistic view of the role is that architects create architectures, and their responsibilities encompass all that is involved in doing so. This would include articulating the architectural vision, conceptualizing and experimenting with alternative architectural approaches, creating models and component and interface specification documents, and validating the architecture against requirements and assumptions.

However, any experienced architect knows that the role involves not just these technical activities, but others that are more political and strategic in nature on the one hand, and more like those of a consultant, on the other. A sound sense of business and technical strategy is required to envision the "right" architectural approach to the customer's problem set, given the business objectives of the architect's organization. Activities in this area include the creation of technology roadmaps, making assertions about technology directions and determining their consequences for the technical strategy and hence architectural approach.

Further, architectures are seldom embraced without considerable challenges from many fronts. The architect thus has to shed any distaste for what may be considered "organizational politics", and actively work to sell the architecture to its various stakeholders, communicating extensively and working networks of influence to ensure the ongoing success of the architecture.

But "buy-in" to the architecture vision is not enough either. Anyone involved in implementing the architecture needs to understand it. Since weighty architectural documents are notorious dust-gatherers, this involves creating and teaching tutorials and actively consulting on the application of the architecture, and being available to explain the rationale behind architectural choices and to make amendments to the architecture when justified.

Lastly, the architect must lead--the architecture team, the developer community, and, in its technical direction, the organization.

Again, I would like to stress that the main principle of software architecture is simple and well known -- it's famous KISS principle. While principle is simple its implementation is not and a lot of developers (especially developers with limited resources) paid dearly for violating this principle.  I have found one one reference on simplicity in SE: R. S. Pressman. Simplicity. In Software Engineering, A Practitioner's Approach, page 452. McGraw Hill, 1997. Here open source tools can help because for those tools a complexity is not such a competitive advantage as for closed source tools.

I appreciate am architecture of software system that lead to small size implementations with simple, Spartan interface. In these days the usage of scripting languages can cut the volume of code more than in half in comparison with Java.  That's why this site is advocating usage of scripting languages for complex software projects.

"Real Beauty can be found in Simplicity," and as you may know already, ' "Less" sometimes equal "More".' I continue to adhere to that philosophy. If you, too, have an eye for simplicity in software engineering, then you might benefit from this collection of links.

I think writing a good software system is somewhat similar to writing a multivolume series of books. Most writers will rewrite each chapter of book several times and changes general structure a lot. Rewriting large systems is more difficult, but also very beneficial. It make sense always consider the current version of the system a draft that can be substantially improved and simplified by discovering some new unifying and simplifying paradigm.  Sometimes you can take a wrong direction, but still "nothing venture nothing have."

On a subsystem level a decent configuration management system can help going back. Too often people try to write and debug their fundamentally flawed architecturally "first draft", when it would have been much simpler and faster to rewrite it based on better understanding of architecture and better understanding of the problem.  Actually rewriting can save time spend in debugging of the old version.  That way, when you're done, you may get easy-to-understand, simple software systems, instead of just systems that "seems to work okay" (only as correct as your testing).

An interesting note about programming as art form can be found at The GNU-Linux Art Farm - 08-30-99

On component level refactoring (see Refactoring: Improving the Design of Existing Code) might be a useful simplification technique. Actually rewriting is a simpler term, but let's assume that refactoring is rewriting with some ideological frosting ;-). See Slashdot Book Reviews Refactoring Improving the Design of Existing Code.

I have found one reference on simplicity in SE: R. S. Pressman. Simplicity. In Software Engineering, A Practitioner's Approach, page 452. McGraw Hill, 1997.

Another relevant work (he try to promote his own solution -- you can skip this part) is the critique of "the technology mud slide" in a pretty interesting book by Harvard Business School Professor Clayton M. Christensen   is very relevant. He defined "technology mudslide" very similar to Brooks "software development tar pit" -- a perpetual cycle of abandonment or retooling of existing systems in pursuit of the latest fashinable technology trend -- a cycle in which

 "Coping with the relentless onslaught of technology change was akin to trying to climb a mudslide raging down a hill. You have to scramble with everything you've got to stay on top of it. and if you ever once stop to catch your breath, you get buried."

The complexity caused by adopting new technology for the sake of new technology are further exacerbated by the narrow focus and inexperience of many project leaders -- inexperience with mission-critical systems, systems of scale, software development disciplines, and project management. A Standish Group International survey recently showed that 46% of IT projects were over budget and overdue -- and 28% failed altogether. that's normal and probably the real figures are much lower: great software managers and architects are rare and it is those people who determine the success of a software project.

Old News

STSC CrossTalk - Life Cycle of a Silver Bullet - Jul 2003 Sarah A. Sheard, Software Productivity Consortium

"Attention! Throw out those other improvement methods - we have just discovered the best ever. With our method, your quality will go up and costs and cycle time will go down." Almost any improvement method is hailed as the best way to save business from problems when it is new. Unfortunately, a few years later, this same method is now the reviled, flawed method that a new method is replacing. This parable tells how this happens.

In the 17^th century, Europeans believed that silver bullets could kill werewolves. Today's executives seek silver bullets to protect themselves not from werewolves but from sliding profits, disillusioned stockholders, and lost market share. The silver bullets for our executives are those new management trends that promise to transform the way business is done.

Examples over the decades have included Management by Objectives and Total Quality Management, while Six Sigma, Lean Enterprise, the Capability Maturity Model Integration (CMMI^®), and agile software development techniques are more recent methods earning silver-bullet reputations.

Process improvement initiatives like these can and do work, but how they are implemented is critical to their success. The following parable shows the 11 phases in the life cycle of such an improvement initiative.

Phase 1: Fresh Start

An executive of Porcine Products, Mr. Hamm, decides to throw away all silver bullets. He decides that no one knows his company like he does. He takes a close look at how the company is working to determine what its problems are and how they arose. He also looks at company strengths to leverage them and make them more effective in the future.

Envision a little pig in a suit, wiping a bunch of architectural drawings and books off a table.

Phase 2: Executive Dedication and Openness

Hamm makes it his single-minded focus to improve Porcine Products. Having identified its problems and strengths and determined how to address them, he dedicates time and money to implementing the identified improvements and eliminating conflicting initiatives. He hires forward-thinking, intelligent managers and devotes considerable amounts of his own time to be sure that the problems are truly solved, not just glossed over. Hamm and his managers research a number of current and future improvement methods to help define current problems and to be potential tool kits providing applicable suggestions.

The executive insists that the senior managers become part of the solution. Hamm forces them to examine their roles in contributing to company problems and to restructure their own work to change the way the company operates. A climate of openness without retribution is fostered, and senior managers listen to messages from all levels of the company, especially messages suggesting improvements in their own work.

Envision a little pig constructing a house made of bricks.

Phase 3: Success

Porcine Products reaps the rewards of this thorough effort. Executives and managers change the way they lead. Cross-company improvements change the way the company operates. Products are created more efficiently and have better quality. Costs go down, orders increase, and morale improves.

Phase 4: Publicity

The business press notices the successes of Porcine Products. Hamm explains the improvements his company has achieved and is asked for a name for his method. In honor of his French grandfather, he calls the improvement Balle-Argentee. The press also wants to report how much time and money was spent, and what was reaped from the improvements; Hamm looks back and makes estimates. From these the business press calculates the magic return-on-investment (ROI) number for the Balle-Argentee method of business improvement.

Envision a little pig proudly holding a book showing a house of bricks on the cover. The book's title is "The Balle-Argentee Method."

Phase 5: Momentum

Other companies look eagerly at the success of Porcine Products. Some of them are experiencing a competitive disadvantage because Porcine Products is now working more effectively than their own company, while others want to achieve the publicized ROI. Discussions at meetings of executives focus on what Porcine Products did, and why it worked.

Phase 6: First Replication

Executives at these other companies decide they want to reproduce Porcine Product's success. They talk with Hamm and others in his company about what actually happened. Each company assigns a senior manager to oversee the implementation of this improvement method across the companies. These senior managers carefully read the literature about the Balle-Argentee method. Implementers look at their own companies' problems and seek to implement the spirit as well as the letter of the Balle-Argentee approach. When they make recommendations, they listen to suggestions for improvement in their own work. They keep close watch on expenditures and benefits of this approach so they will be able to report their ROI.

Envision two or three other little pigs constructing house of wood.

Phase 7: Confirmation

Some of these companies publish studies of their own success using the Balle-Argentee method. The studies cite the specific improvements each company decided to make. Because of the attention paid to investments and returns since the adoption of Balle-Argentee, this set of companies can cite precise ROI figures. These companies earn accolades from shareholders for fiscally effective management. General business books about this method are published, including "Balle-Argentee in Warp Time," and "Balle-Argentee for Small Companies."

Envision a collection of books with houses of wood on the cover.

Phase 8: Proceduralization

Many more companies decide that this method is valuable. The ROI convinces some, and the fact that their competitors are reaping the returns from Balle-Argentee convinces the rest. With this second set of companies, the executives and senior managers add Balle-Argentee as one more method in their current process initiatives. Because they cannot adequately focus on all of the methods, they delegate implementation of the Balle-Argentee effort to middle managers. These middle managers are given ROI goals that match the published numbers. Other middle managers are given comparable ROI goals for simultaneously implementing different process improvement efforts. Executives believe that the competition engendered by these multiple initiatives will increase the fervor in implementing all the initiatives.

What the implementing managers know about the Balle-Argentee method is limited to the published results. Time constraints prevent these managers from contacting Porcine Products or from reading any of but the shortest summary articles. To reduce the risk of missing their ROI goals, the managers seek ways to improve the cost-effectiveness of Balle-Argentee as they implement it. Implementation that took Porcine Products several years must now be completed within a fiscal cycle. The implementing managers require their people to use some of the specific improvements described in the literature exactly as they are described, without costly discussion or modification. Other specific improvements are ruled out because they would be costly to implement. The stated rationale is that these improvements will not work here because company circumstances differ.

Instead, the implementing managers restate general strategies in the Balle-Argentee literature as broad goals, which they then apply in a sparing manner. In almost all cases, the imperative for executives and managers to listen to workers and to change their own work accordingly is the first general strategy to be deleted. It is restated as improve communication and then becomes implemented as improve communication downward. These implementing managers have risen in their companies because they respect the wisdom of their superiors. They do not ask for literal implementation of the strategy executives must listen more because to do so might cause their superiors to feel threatened or embarrassed.

Finally, these implementing managers seek to cast their own actions in the best light. They believe involving executives would signal weakness. Much of the implementation of Balle-Argentee shifts to managing the news. Executives and senior managers remain uninformed and are uninvolved in the improvement effort except in expecting to reap benefits.

Envision an entire village of houses made of straw.

Phase 9: Diminished Returns

Because of cost cutting, time compression of the improvement effort, lack of executive involvement, dilution of emphasis due to other improvement initiatives, and a tendency to apply the steps as a checklist rather than to seek and fix the company's basic business problems, these more recent Balle-Argentee improvement efforts do not reap the published ROI numbers. This happens broadly across the industry.

Envision the village of straw houses starting to crumble, propped up by sticks and invaded by mice.

Phase 10: Blaming the Method

Workers in these companies feel bombarded by misunderstood management initiatives, and Balle-Argentee is applied intrusively asking for additional work in order to claim compliance. Workers know that the checklists they are being asked to follow and fill out are not solving any real problems. Some attend conferences and complain that the Balle-Argentee method makes companies do stupid things. They cite their experiences, complaining that the Balle-Argentee sponsor does not want to hear about any real problems that are not quickly solved. They complain that checklists and complex documentation substitute for investigation and solutions, and that the intense focus on the ROI severely decreases the investment money for making complex improvements rather than applying Band-Aids.

Coupled with the evidence from Phase 9 that current implementations of Balle-Argentee do not provide good ROI, these very real complaints cause the business press to be ruthless in denigrating Balle-Argentee as a flawed approach. Articles appear advocating slaying the Balle-Argentee monster.

Envision the big bad wolf blowing down the village of straw houses.

Phase 11: Starting Fresh

Mr. Boar, a true improvement-minded executive at Animalia, Inc., decides that no one knows his company like he does. He decides to throw out Balle-Argentee along with all the other silver bullets and takes a close look at Animalia's problems and how to fix them.

Envision a different little pig wiping a bunch of books and drawings off his desk. One of the books has a picture of a house of bricks on the cover.

Morals of the Story

• A sequence of steps, each consisting of decisions made for good reasons, does not necessarily lead to a good result. In the parable, each executive and manager was making good decisions within the constraints established by those higher up. The end result was disastrous.
   
• For best results, start at Phase 1 and stop at Phase 3.
   
• Only by really looking at your company's problems can you solve them. Other people's strategies worked for them because the strategies were made for them. If you want to make real improvements, you have to do the work of determining your business problems and applying methods that make sense to fix them.
   
• Do not assume that people who claim to be using a method really are using it. In Phase 8, actual use of the original method ceases. Instead we have a method bearing the same name that attempts to reap results quickly and dirtily, and is thoroughly unsuccessful in doing so. (Unfortunately, Phase 8 is also where most companies try to use the method.)
   
• There is nothing like the original. Do not read everyone else's interpretation of a method, read the original. If possible, talk to the creator. Find out the principles behind the steps, so you can ensure your adaptation is consistent with the principles.
   
• The ROIs of multiple improvement initiatives do not add; they interfere. Focus on what problems you want to solve, and work out as executives how the initiatives contribute to solutions. Determine where the initiatives will appear as conflicting to the workers and reconcile them. Display a unified front to the workers.
   
• Do not assume other companies' ROI numbers will apply to you. They started from a different place and made different investments [1].

How to Use Silver Bullets

A great deal has been written about the appropriate way to do process improvement. You must focus on the business goal of improvement, not just on the method used to get there (e.g., CMMI) or on intermediate indicators (e.g., Level 3) [2, 3]. Executives must devote the appropriate resources and stay involved [4]. Managers must learn what is real and react appropriately [5, 6]. The process group must analyze the real causes of problems [7], plan changes, get them approved, and make sure the organization follows through [8]. And everyone must make sure the changes actually improve the product development processes, not interfere with them.

Specific guidance on how to avoid making mistakes with a silver bullet follows:

• Everyone: Realize that all methods are a means to the end of an improved company, not the end themselves. You cannot paste on improvements - you have to look at how your company is working right now and how any given method will alter that.
   
• Executives: You have the responsibility to develop your own understanding of what is impeding your company's path to a better future and determining what steps will remove those barriers. Take time to understand any externally generated initiative before pushing it. Does your company even have the same problems as the companies that succeeded with the method?
  
  Understanding your true problems requires upward communication. Know what currently makes upward communication unsafe, particularly, do your managers have incentives to tell you only good news [9, 10]? Find out what happens to bad news and where it stops. Find a way around that barrier or you will not hear what is really happening in your company.
   
• Managers: You have to understand the method(s) you are pushing. Needing something really badly does not mean you can get it faster by means of wishing or whipping. Determine what is realistic and do not ask for shortcuts.
  
  Insist on understanding the relationship between initiatives that compete for people's attention. Clarify that relationship, coordinate with other sponsors, and make it easy for the workers to comply with all of the initiatives. Your products make the money, not your management initiatives. You have to be sure the initiatives do not make it difficult to make the product!
   
• Process Groups: Push back on managers demanding the same results as other companies but in less time, with fewer resources, and with less thought. Point out why it is not going to happen. Then propose something that will work. Do not compound the problem by giving only the good news.
   
• One Last Word: A truly successful effort will result when a company develops specific solutions to its specific concerns. Second-generation applications of these methods can work if they are studied to determine where the true benefits came from, and applied intelligently with appropriate investment. But a house of straw is erected when companies believe they can quickly gain return from low-budget adherence to someone else's solutions.

Special Credit
 

Special thanks goes to Cathy Kreyche for her contributions to this article.

References

1. Sheard, Sarah A., and Christopher L. Miller. The Shangri-La of ROI. Proc. of the 10th Annual Symposium of the International Council on Systems Engineering, Minneapolis, MN, July 2000.
2. Sheard, Sarah A. What Is Senior Management Commitment? Proc. of the 11th Annual Symposium of the International Council on Systems Engineering, 2001. Republished in Proc. of the Software Technology Conference, Salt Lake City, UT, 2002.
3. Kaplan, Robert S. "Implementing the Balanced Scorecard at FMC Corporation: An Interview with Larry D. Brady." Harvard Business Review Sept.-Oct. 1993.
4. Gardner, Robert A. "10 Process Improvement Lessons for Leaders." Quality Progress Nov. 2002.
5. Gilb, Tom. "The 10 Most Powerful Principles for Quality in Software and Software Organizations." CrossTalk Nov. 2002.
6. Baxter, Peter. "Focusing Measurements on Managers' Informational Needs." CrossTalk July 2002: 22- 25.
7. Card, David. Learning From Our Mistakes With Defect Causal Analysis. Proc. of the International Conference on Software Process Improvement, Adelphi, MD, Nov. 2002.
8. Bowers, Pam. "Raytheon Stands Firm on Benefits of Process Improvement." CrossTalk March 2001: 9- 12.
9. Argyris, Chris. Overcoming Organizational Defenses: Facilitating Organizational Learning. Prentice Hall, 1990.
10. Argyris, Chris. Flawed Advice and the Management Trap. New York: Oxford UP, 2000.

 

---

About the Author
 

Sarah A. Sheard is technical lead for Systems Engineering at the Software Productivity Consortium. She has more than 20 years of experience in systems engineering and process improvement. Sheard has published more than 20 articles and papers on systems engineering and process improvement in CrossTalk, the proceedings of software technology conferences, International Council on Systems Engineering (INCOSE) symposiums, and the INCOSE journal. Sheard received INCOSE's "Founder's Award" in 2002. As the consortium's technical lead for the Capability Maturity Model Integration (CMMI^®), Sheard was the lead author of the Software Productivity Consortium's course on "Transitioning to the CMMI."

Software Productivity Consortium
Phone: (703) 742-7106
Fax: (703) 742-7350
E-mail: sheard@software.org

Linux: Linus On Specifications

Posted by Jeremy on Friday, September 30, 2005 - 20:14

In a conversation that began as a request to include the SAS Transport Layer in the mainline Linux kernel, there was an interesting thread regarding specifications. Linux creator Linus Torvalds began the discussion saying, "a 'spec' is close to useless. I have _never_ seen a spec that was both big enough to be useful _and_ accurate. And I have seen _lots_ of total crap work that was based on specs. It's _the_ single worst way to write software, because it by definition means that the software was written to match theory, not reality."

Linus went on to list two reasons to avoid specifications when writing software. First, "they're dangerously wrong. Reality is different, and anybody who thinks specs matter over reality should get out of kernel programming NOW." Second, "specs have an inevitable tendency to try to introduce abstractions levels and wording and documentation policies that make sense for a written spec. Trying to implement actual code off the spec leads to the code looking and working like CRAP." As a "classic example" he pointed to the OSI model, "we still talk about the seven layers model, because it's a convenient model for _discussion_, but that has absolutely zero to do with any real-life software engineering. In other words, it's a way to _talk_ about things, not to implement them. And that's important. Specs are a basis for _talking_about_ things. But they are _not_ a basis for implementing software."

---

From: Linus Torvalds [email blocked]

To: Arjan van de Ven [email blocked]

Subject: Re: I request inclusion of SAS Transport Layer and AIC-94xx into the kernel

Date:	Thu, 29 Sep 2005 12:57:05 -0700 (PDT)

On Thu, 29 Sep 2005, Arjan van de Ven wrote:
>
> a spec describes how the hw works... how we do the sw piece is up to
> us ;)

How we do the SW is indeed up to us, but I want to step in on your first
point.

Again.

A "spec" is close to useless. I have _never_ seen a spec that was both big enough to be useful _and_ accurate.

And I have seen _lots_ of total crap work that was based on specs. It's _the_ single worst way to write software, because it by definition means that the software was written to match theory, not reality.

So there's two MAJOR reasons to avoid specs:

- they're dangerously wrong. Reality is different, and anybody who thinks specs matter over reality should get out of kernel programming NOW. When reality and specs clash, the spec has zero meaning. Zilch. Nada.
None.

It's like real science: if you have a theory that doesn't match experiments, it doesn't matter _how_ much you like that theory. It's wrong. You can use it as an approximation, but you MUST keep in mind that it's an approximation.

- specs have an inevitably tendency to try to introduce abstractions levels and wording and documentation policies that make sense for a written spec. Trying to implement actual code off the spec leads to the code looking and working like CRAP.

The classic example of this is the OSI network model protocols. Classic spec-design, which had absolutely _zero_ relevance for the real world. We still talk about the seven layers model, because it's a convenient model for _discussion_, but that has absolutely zero to do with any real-life software engineering. In other words, it's a way to _talk_  about things, not to implement them.

And that's important. Specs are a basis for _talking_about_ things. But they are _not_ a basis for implementing software.

So please don't bother talking about specs. Real standards grow up _despite_ specs, not thanks to them.

Linus

From: Luben Tuikov [email blocked]
Subject: Re: I request inclusion of SAS Transport Layer and AIC-94xx into the kernel
Date: Thu, 29 Sep 2005 16:20:13 -0700 (PDT)

--- Linus Torvalds [email blocked] wrote:
>
> A "spec" is close to useless. I have _never_ seen a spec that was both big
> enough to be useful _and_ accurate.
>
> And I have seen _lots_ of total crap work that was based on specs. It's
> _the_ single worst way to write software, because it by definition means
> that the software was written to match theory, not reality.

A spec defines how a protocol works and behaves. All SCSI specs are currently very layered and defined by FSMs.

This is _the reason_ I can plug in an Adaptec SAS host adapter to Vitesse Expander which has a Seagate SAS disk attached to phy X... And guess what? They interoperate and communicate with each other.

Why? Because at each layer (physical/link/phy/etc) each one of them follow the FSMs defined in the, guess where, SAS spec.

If you take a SAS/SATA/FC/etc course, they _show you_ a link trace and then _show_ you how all of it is defined by the FSM specs, and make you follow the FSMs.

> So there's two MAJOR reasons to avoid specs:

Ok, then I accept that you and James Bottomley and Christoph are _right_, and I'm wrong.

I see we differ in ideology.

> It's like real science: if you have a theory that doesn't match
> experiments, it doesn't matter _how_ much you like that theory. It's
> wrong. You can use it as an approximation, but you MUST keep in mind
> that it's an approximation.

But this is _the_ definition of a theory. No one is arguing that a theory is not an approximation to observed behaviour.

What you have here is interoperability. Only possible because different vendors follow the same spec(s).

> - specs have an inevitably tendency to try to introduce abstractions
> levels and wording and documentation policies that make sense for a
> written spec. Trying to implement actual code off the spec leads to the
> code looking and working like CRAP.

Ok, I give up: I'm wrong and you and James B are right.

> The classic example of this is the OSI network model protocols. Classic

Yes, it is a _classic_ example and OSI is _very_ old.

_But_ the tendency of representing things in a _layered_, object oriented
design has persisted.

> spec-design, which had absolutely _zero_ relevance for the real world.
> We still talk about the seven layers model, because it's a convenient
> model for _discussion_, but that has absolutely zero to do with any
> real-life software engineering. In other words, it's a way to _talk_
> about things, not to implement them.

Ok.

> And that's important. Specs are a basis for _talking_about_ things. But
> they are _not_ a basis for implementing software.

Ok. Let's forget about maintenance and adding _new_ functionality.

> So please don't bother talking about specs. Real standards grow up
> _despite_ specs, not thanks to them.

Yes, you're right. Linus is always right. Now to things more pertinent, which I'm sure people are interested in:

Jeff has been appointed to the role of integrating the SAS code with the Linux SCSI _model_, with James Bottomley's "transport attributes". So you can expect more patches from him.

Regards,
Luben

P.S. I have to get this 8139too.c network card here working.

From: Linus Torvalds [email blocked]
Subject: Re: I request inclusion of SAS Transport Layer and AIC-94xx into the kernel
Date: Thu, 29 Sep 2005 17:35:27 -0700 (PDT)

On Thu, 29 Sep 2005, Luben Tuikov wrote:
>
> > It's like real science: if you have a theory that doesn't match
> > experiments, it doesn't matter _how_ much you like that theory. It's
> > wrong. You can use it as an approximation, but you MUST keep in mind
> > that it's an approximation.
>
> But this is _the_ definition of a theory. No one is arguing that
> a theory is not an approximation to observed behaviour.

No.

A scientific theory is an approximation of observed behaviour WITH NO KNOWN HOLES.

Once there are known holes in the theory, it's not a scientific theory. At best it's an approximation, but quite possibly it's just plain wrong.

And that's my point. Specs are not only almost invariably badly written, they also never actually match reality.

At which point at _best_ it's just an approximation. At worst, it's much worse. At worst, it causes people to ignore reality, and then it becomes religion.

And that's way _way_ too common. People who ignore reality are sadly not at all unusual.

"But the spec says ..." is pretty much always a sign of somebody who has just blocked out the fact that some device doesn't.

So don't talk about specs.

Talk about working code that is _readable_ and _works_.

There's an absolutely mindbogglingly huge difference between the two.

Linus

 

---

From: Theodore Ts'o [email blocked]

Subject: Re: I request inclusion of SAS Transport Layer and AIC-94xx into the kernel

Date:	Fri, 30 Sep 2005 01:31:49 -0400

 

On Thu, Sep 29, 2005 at 04:20:13PM -0700, Luben Tuikov wrote:
>
> A spec defines how a protocol works and behaves. All SCSI specs
> are currently very layered and defined by FSMs.

A spec defines how a protocol works and behaves --- *if* it is well-specified and unambiguous, and *if* vendors actually implement the spec correctly. (And sometimes vendors have major economic incentives to cheat and either intentionally violate the specification, or simply not bother to test to make sure whether or
not they implemented their hardware correctly.)

Computing history has been literred with specifications that were incompentently written and/or incompentently implemented --- from the disaster known as ACPI, to FDDI (early FDDI networking gear was interoperable only if you bought all of your gear from one vendor, natch), consumer-grade disks which lied about when data had been
safely written to iron oxide to garner better Winbench scores, and many, many, many others.

This is one of the reasons why the IETF doesn't bless a networking standard until there are multiple independent, interoperable implementations --- and even _then_ there will be edge cases that won't be caught until much, much later.

In those cases, if you implement something which is religiously adherent to the specification, and it doesn't interoperate with the real world (i.e., everybody else, or some large part of the industry) --- do you claim that you are right because you are following the specification, and everyone else in the world is wrong? Or do you adapt to reality? People who are too in love with specifications so that they are not willing to be flexible will generally not be able to achieve complete interoperability. This is the reason for the IETF Maxim --- be conservative in what you send, liberal in what you will accept. And it's why interoperability testing and reference implementations are critical.

But it's also important to remember when there is a reference implementation, or pseudo-code in the specification, it's not the only way you can implement things. Very often, as Linus has pointed out, there are reasons why the pseudo-code in the specification is wholely inappropriate for a particular implementation. But that's OK; the
implementation can use a different implementastion, as long as the result is interoperable.

Regards,

- Ted

---

Related Links:

 

• Archive of above thread

[add new comment | printer friendly page]

Call me crazy, but a scientif Comment posted by Anonymous (not verified) on Friday, September 30, 2005 - 22:57 Call me crazy, but a scientific theory is only what is proported to be the best explaination to a set of natural observed occurances and behaviors. It isn't required to be without holes. Perhaps Linus is referrign to Laws, which are not certified by anybody, but assumed to carry the weight of universal (or at least near universal) truth, such as the Law of Gravity or the Law of Conservation of Mass and Energy. Certainly Linus is allowed to say that a particular spec is useless, but I'm not throwing out my processor spec book anytime soon. The point is that useful specs match reality. It would have been nice if this post had included anything reguarding whether the protocol in question actually matches reality or not. [ reply ]

Linus' hole in a theory seems Comment posted by Ano Nymous on Saturday, October 1, 2005 - 04:32 Linus' hole in a theory seems to be a counter case for the theory, NOT an area which isn't explained by the theory. Keeping that meaning in mind, if a theory has such hole it means that there exist something which proves that the theory isn't correct, in which case the theory isn't valid. If my theory is that all cats are green, and someone encounters a black one, it means my theory is bogus. Perhaps most cats are green, in which case the theory becomes only an approximation (but in this case even that's not true ;-). There's no real difference between Laws and theories, except that laws maybe were more deducted from experimental data instead of thought out theoretical theories. "This seems to be always true, but we don't know why". [ reply ]

Very close. Theories usually Comment posted by Pingu (not verified) on Saturday, October 1, 2005 - 14:14 Very close. Theories usually attempt to explain why or how things happen, while laws are always just generalizations for what does happen. Laws often take the form of mathematical relationships which express what always happens, without attempting to explain why. [ reply ]

Many of our best scientific theories "have holes" Comment posted by Eivind Eklund (not verified) on Monday, October 3, 2005 - 04:42 To use a really specific example, Einstein's General Theory of Relativity and Quantum Electrodynamics - two of our best present theories - are in conflict. Stating that they "aren't valid" is a copout against how science works. We just end up using them, and trying to find some way we can actually get at the edge cases that may give us a clue to how to unify them. Eivind. [ reply ]

leave science out, please :) Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 06:49 at the same time, a scientific theory is a mere intellectual exploration space. to compare it to specs is misleading. please leave science out of specs. science doesn't care about specs. if at all, it makes some sense in engineering problems. it does make interoperability easy but only in a perfect world. so i'm leaning towards mr. torvalds :) on the "usefulness" of specs. i guess, by processor spec book you mean what's already been "implemented" in the hardware. if x86 spec was useful, you should have been able to swap a processor made by Intel with one made by AMD. ofcourse you can atleast compile your programs to a generic x86 spec, but it is only an interoperability "compromise". my 2 cents :) [ reply ]

you can run i386 binaries on Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 07:30 you can run i386 binaries on all Intel AMD, via ,etc processors thanks to the x86 spec. [ reply ]

Not an argument for Specs at all. Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 07:51 As far as I'm aware x86 was never an open agreed upon standard, people knew what commands where available and what they did, they just reverse engineered the bugger. Then Cyrix had a bunch of extensions, then intel had a bunch of extensions, then they stuck the MMX code on to it, then it became incorporated Then AMD extended it again, etc etc all the way up to AMD64. One big bloody mess. Proving Linus's last point that standards grow up despite specs not because of them. [ reply ]

Documentation Comment posted by Anonymous (not verified) on Friday, September 30, 2005 - 23:38 Documenting the code isn't usefull too. It never reflects reality. So, just quit commenting code, writing user/architecture documentation. [ reply ]

wrong target Comment posted by anonymous (not verified) on Saturday, October 1, 2005 - 00:56 Linus is an engineer/tech. He dislikes theory work because it often gives nothing in practice. However, specs are not always theory, and they may be usefull, as well as docs. He may be smart enough (or know linux code enough) to not need any doc/spec, but it's not the case of many other people. Some specs are good, and sometimes necessary. He cited OSI model, well, but I can assure you I won't go in an airplane if it was done with Linus' practices... There are specs in some places that are good, and that are read and followed. Even in non-dangerous domains such as Web standards, specs are necessary, and those who don't follow these specs make crap softwares/browsers! Moreover, in Linux development model, which is fuzzy and distributed, not directed, defining the software may be vain. However, in a commercial environment, defining the spec is really writing a contract, which protects both the customer and the editor. Specs there defines what the software can and must do, and ensures it will do. Linus obviously lacks of experience in industrial and critical projects. He may be right for the kernel development (however I still doubt it should be so entire on that subject), but he's wrong on many other domains. IOW, Linus does here a generalization which is at least as wrong as are the examples he cited. As we say : "all generalization are false". If he finds a bad spec, either it throws it away, or he fixes it. It's the same for technical docs. But he shouldn't tell every specs are useless and bad. That's wrong. [ reply ]

specs Comment posted by Anonymous (not verified) on Saturday, October 1, 2005 - 01:05 specs snatched out of thin air just dont work. specs drawn and refined by experimentation are the ones that are useful. i never write specs when i start a software project. i start with small test programs that do what is required. [ reply ]

right, but limited to small things/implementation details Comment posted by Anonymous (not verified) on Saturday, October 1, 2005 - 10:20 Knowledge of technology, given through small tests, is a good thing to get a spec. However, you cannot build a whole complex software with limited cost blindly. If you do not have at least a plan, you won't do what you should. The software may be usefull and correct, but it certainly will be inadequate and don't do what was asked for. And building specs on top of experience will certainly prevent you from controlling you development process, therefore forbid access to many big and serious projects. I'm sorry, but when things get really complex, hackers have no place. Structure, rigor and organization have, and are far more important than good or bad code. This is were specs appears (among other things of course). And do not tell me a kernel OS as Linux is a complex thing as an example: it is big (wide?) because of many hardware, but the core OS still is simple (vertically). Moreover, Linux was rewritten several times, showing perfectly that a. nobody told initially what the needs were, and b. it was several times wrong. In an industrial process, this is simply unacceptable (you simply won't have the contract). [ reply ]

linux isn't targeting a singl Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 04:34 linux isn't targeting a single customer nor a single process. it is flexible and always evolving, unlike industrial process where you design something once and you're done with it. there's no comparison between the two, they are completely different domains. just because linus doesn't have any specs to show you, doesn't mean linus doesn't have a plan. don't confuse the two. even specs don't help produce reliable code in the industrial process domains. what counts there is good peer review and testing to the limits of your sanity. choosing a good language can help too. [ reply ]

that's wishful thinking, afai Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 05:20 that's wishful thinking, afaiac. in my experience, commercial software is rewritten just about as often as non-commercial software, for one thing. for another, specs often are complete crap. not so much because they contain bad ideas, but more often because they are overly complex or worded in an ambiguous manner. take soap, for example. overengineered, because when there was no real implementation lots of things probably sounded like good ideas. now half the implementations implement half the spec (all different halves), and have to concentrate on a common subset in order to interoperate. you know what? that common subset is almost as simple as xml-rpc, which was defined because soap was deemed to complex. that being said, xml-rpc is rather limited because - among other things - it allows only for 32 bit integers. it's not a great spec either, but it works because it's easily implemented and simple enough that interoperability problems are rare. i don't think linus is right in dismissing specs. some specs, such as rfc 2045/2046 are complex and still pretty unambiguous. you can work with them, therefore they are useful specs. [ reply ]

wrong target Comment posted by Joris (not verified) on Monday, October 3, 2005 - 03:27 I have the distinct, yet humble, impression Linus is not talking about NOT complying to specs as a matter of establishing standardisation but as NOT complying to specs when actually writing code wich is to be used by a piece of software wich is dependant on a/the spec. In the end, the spec is the 'communications layer/protocol', the code is both the carrier and the signal. It doesn not matter on wich 'material' the 'carrier' is built or in wich 'modulation' the 'signal' is sent, as long as it complies with the demands for the spec at some point along the 'transmission' it will work without any problem. Maybe he could have reffered to this as a "blackbox" programming technique ;-) Though i'm by no means a programmer of any kind and have no fundamental insights on the linux-kernel i do understand that after all what matters is the final product is supporting the linux system calls, what's in that 'blackbox' does not matter all that much as long it's working up to expactations. note: even hardware support is being dealt with in the same fashion I'm not sure any spec can handle this as even specs are subject to interpretation on both sides, and even by the implementation a spec can be interpreted contrary to expectation (the reality vs spec argument). In short anyone should be able to admit a spec does not guarantee any predictable results. note: This looks like a good step-up for an ITIL discussion as well [ reply ]

To my mind, Linux is also pro Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 06:01 To my mind, Linux is also provocating and he's right. There are many, many examples of standards and specifications that are simply not followed, because they conflict with the real world or are too complicated. I have also experienced this very often. This does not mean that specs are bad, quite in the contrary they are to my mind very important but they must be always in contact with the real world - and this is often not the case. For example - have a look at ISDN: This was specified over and over and in the end every country implemented his own ISDN standard. Have a look at SOAP: 200 pages, extremely complicated, few implementations that are not fully compatible. There are many, many other examples. Nevertheless all these specifications are important, similar to all those computer languages that died out. People are "taking the best and leaving the rest" - and there is for sure a *lot* of "good" in all these specifications. [ reply ]

I think Linus is way out of l Comment posted by Ferry (not verified) on Saturday, October 1, 2005 - 03:40 I think Linus is way out of line here. As an engineer he should know that a spec is as much a work in progress as the code that implements the desired behaviour for a device! The tendency in technology is to create devices with greater and greater complexity. A way to keep a grip on this complexity is to create specs, have interoperability tests, plug fests, etc. A released spec is just a point in time at which the spec covers desired behaviour for a device _at that time_. of course there can be mistakes in a spec, as there can be mistakes in an implementation of a device. just like there can be mistakes in the code! stop being so childish Linus and accept the fact that in the real world specs are in fact used. Specs are not bibles or fixed laws but approximations of reality (like you pointed out yourself), just as the code is an approximation of reality!!! as a side note: maybe you should talk to a few CPU engineers, they will tell you that specs are the only way to go when implementing a CPU (or any other piece of complex hardware). Re-spinning the chip in the fab is quite expensive and you will want to avoid this, hence the specs: they define the behaviour and the implementation can be tested against it.... [ reply ]

in reality, spec == best guess by a bunch of theorists. Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 03:58 specifications in programming/software are not like specifications in engineering. Programming/Software contains a lot of art and especially a lot of NEW stuff that hopefully works......certainly very little of the tried and true stuff you find in engineering. And very little testing like in engineering, IF any, BEFORE actually going live. Programming/Software != engineering Software doesn't even come close to the rigors of engineering by any means. [ reply ]

You are EXACTLY right! Comment posted by Sproggit (not verified) on Monday, October 3, 2005 - 07:24 You are EXACTLY right! and THAT is EXACTLY why todays software is generally crap. Once programming software == the rigors of engineering I will finally be out of a testing job. It can't happen soon enough, and I for one would have preferred Linus to be helping in the drive for this to happen, as opposed to helping perpetuate the situation of software engineering having no more discipline than any other transient hobby activity. [ reply ]

'spec' == standard Comment posted by Ano Nymous on Saturday, October 1, 2005 - 04:45 There are different kinds of specifications. The kind that is discussed in the thread are standards, not specific hardware or software specs. There is no x86 standard, only the Intel spec of their implementation. Then others decided they wanted to be compatible with that, and mostly followed it. This is totally different than e.g. HTML specs, where a browser who follows the specs blindly is near useless in practice, thanks to reality. Linus Torvalds said: "Specs are a basis for _talking_about_ things. But they are _not_ a basis for implementing software." And this is his main point I think. [ reply ]

I'd rather base my software o Comment posted by William Poetra Yoga Hadisoeseno (not verified) on Saturday, October 1, 2005 - 11:04 I'd rather base my software on specs, then implement real-world "unexpected" behaviour on top of it as special cases. [ reply ]

Specs are abstractions which Comment posted by Ano Nymous on Saturday, October 1, 2005 - 12:52 Specs are abstractions which describe certain behaviour. Writing code while using the spec as sort of design document for the actual code implementation gives other results than writing code that fits best in its environment (e.g. hardware and rest of kernel), while still being compliant with the spec. Imagine a spec which describes something with 5 layers and 10 classes. If you write code the same way, and someone points out that you only need two layers and 3 classes to do the same with much less code, in a nicer and more efficient way, wouldn't you agree? Or do you sputter and say "but according to the spec..."? Or in other words, what do you value more: the spec or reality? [ reply ]

If that doesn't break the spe Comment posted by William Poetra Yoga Hadisoeseno (not verified) on Saturday, October 1, 2005 - 19:00 If that doesn't break the spec (as in interoperability) it might be considered. But other people who read our software will have to figure out what's going on in the code then. And if a spec doesn't translate into good code, then it's not a good spec. [ reply ]

You can make a layer and say Comment posted by Ano Nymous on Sunday, October 2, 2005 - 03:52 You can make a layer and say in a comment somewhere that it implements layers a, b, c of spec X. The code doesn't have to be totally alienated from the spec, there's always a middle ground. Some complex things may be best described very verbosely so that people can understand them. When that understandment is there, it can be trimmed down to the essential. So I don't think it's always true about the code translation, but in practice probably more often than not. Imagine that almost no spec is good (technically: what they do is good, but they're poorly made), then you'll understand Linus' point of view to not translate specs into bad code. If you're lucky enough to work with a good spec you can get away with it, but the code shouldn't be judged by how well it resembles the spec, but on its own. [ reply ]

You don't have a clue what yo Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 05:32 You don't have a clue what you're doing then. A spec isn't supposed to translate into code at all. It is supposed to describe, in as few words as possible, with no implementation details whatsoever, with no subjective opinions whatsoever, what minimum requirements the project must meet when it is complete to be considered functional and fit for purpose. A spec is not a recipe, nor a set of instructions. If I give you a spec to build a bridge, it's not going to read "must use x beams, attach beam a to beam b like so..." it's going to read "must support x tonnes, must stand in windspeeds of x, must last x years" And anything you can do to meet it is fine, but you better fuckin meet it. Man... if I was as public a figure as Linus is, I'd be embarressed as hell to have said something so stupid. [ reply ]

Sure there are specs like that Comment posted by Mr_Z on Monday, October 3, 2005 - 05:47 ...but there also are specs that ARE much lower level and do specify details. As a spec writer myself, I know that specs have their limitations. I owned a set of architecture specs for a DSP core, and I know those specs have holes. My specs were much more detailed than "It must support X tonnes," to be sure. Nonetheless, another set of people wrote microarchitecture specs that went under my architecture specs that went even further--"Use such-and-such register file for this, use such-and-such memory for that, etc." complete with pipeline diagrams, etc. And then there was the actual implementation. In the end, the implementation did deviate from both the architecture and microarchitecture specs. But the device did ultimately work. So in a sense Linus is right. The spec gives you guideposts and bounds. It does not give you the implementation. And, it won't, by itself, give you interoperability. There's no substitute for testing against other implementations. [ reply ]

It shouldn't give you any imp Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 06:37 It shouldn't give you any implementation. When a spec deviates from the what and starts filling in the how, it stops being a spec and becomes a half-assed plan. And a half-assed plan is worse than none at all. I don't deal with low level hardware, so my experiences are different from yours, but I've done a lot of requirements gathering and spec writing myself, and I consider the hardest part of the job to be refining out the implementation crap that every armchair quarterback wants to throw into the mix. When you get right down to it, you're writing a spec because you don't have the time, skill or inclination to do something yourself, so you're telling someone you trust to make competent decision in how to go about doing what you need. When you go from telling them what you need to telling them how to do their jobs, you have to question why you're writing a spec instead of doing it yourself. [ reply ]

Im sorry, but you are wrong. Comment posted by Sproggit (not verified) on Monday, October 3, 2005 - 07:35 Im sorry, but you are wrong. You are describing a requirement. A requirement indicates what something must do. A spec details how it must go about doing it. Requirement: Move 20 tons of rubble to the dump. Spec: 1)One heavy duty tuck with shovel attachment 2)An operator 3)A map to & permission to use the dump 4)Fuel for the machinery. If there is anything missing in the spec, it can (and should) be modified in accordance to real-world experience. It's better (and in the software world, anywhere between 20x and 120x cheaper) to change the spec before implimenting, but you MUST change the spec to suit the real world at all times, otherwise you get pissed off hackers that start to ignore specs, or just consider them crap, because they've only ever encountered weak / outdated specs (no offence Linus). [ reply ]

i'm very afraid ! Comment posted by Anonymous (not verified) on Saturday, October 1, 2005 - 09:26 so this is the reason why linux just happens to run ? [ reply ]

eehhh Comment posted by Anonymous (not verified) on Saturday, October 1, 2005 - 10:08 It often doesn't work and have many bugs... But specs are not the way to reduce bug number either. They are the way to tell what the software must do, how, and how it can interoperate. Of course, specs are always false, and must be fixed all the times the code evolve. Exactly the same thing as the code: it is always false too! and must always be fixed... [ reply ]

ELF is a pretty good spec, no Comment posted by Anonymous (not verified) on Monday, October 3, 2005 - 04:36 ELF is a pretty good spec, not too broken. It's stood the test of time without any big problems. OpenGL is a pretty good spec too. [ reply ]

Observation Comment posted by Anonymous (not verified) on Saturday, October 1, 2005 - 10:24 It's funny how so many arguments are really about the definition of words. Stuff is put forward by attempting to fit it to a collection of word meanings, and interprets by fitting it to a (usually slightly different) collection of word meanings. Things can get pretty heated. Guess you could say the "language spec" (a dictionary) is the source of a lot of pain. Without it there would be no interoperability though... *grin* [ reply ]

People thinking Comment posted by MighMoS on Saturday, October 1, 2005 - 11:56 This comment has little to do with the thread itself, but I'm glad that its not filled with "Linus Groupies", but rather people still think for themselves, despite who said what. That's all. [ reply ]

I'm sure he wriggles in glee Comment posted by Ano Nymous on Saturday, October 1, 2005 - 12:54 I'm sure he wriggles in glee by the caused mass confusion. ;-) [ reply ]

Joke or forgery? Comment posted by Ike Ahnoklast (not verified) on Sunday, October 2, 2005 - 06:56 Somebody (possibly Linus) is jerking our chains by describing ideas that are mostly nonsense with the sole intent of stirring up the ants nest. If it's a joke, it's in rather bad taste. If it's a forgery, I'd not be surprised to learn that the forger was a Microsoft stooge trying to make FOSS proponents look irresponsible. In either case it's advisable to keep a grain or two of salt handy... --Ike [ reply ]

See above. There's a diffe Comment posted by Ano Nymous on Sunday, October 2, 2005 - 09:20 See above. There's a difference between being compliant with specs and designing your code like the spec. Linus said the second is bad, but as far as I can see nowehere he said the first is bad too. [ reply ]

Very true Comment posted by miro (not verified) on Sunday, October 2, 2005 - 13:21 The only useful spec are those where the written word is combined with actual code and/or data structures and that is nothing more than a well documented source file. [ reply ]

comment + source = best Comment posted by Anonymous (not verified) on Sunday, October 2, 2005 - 16:06 because _some_ specs(acpi, bios-stuff, nforce chipsets, intel's uhci usb, (just to name a few) ) tend be inaccurate, incomplete, Hardware-vendor found a better way to do sth. better without saying it to the spec. writer, the Big MegaShit Company messed it up, or just written by a complete idiot! (usb is fine now, acpi _works_ too to some degree but there still some broken laptops around!). [ reply ]

and i think the reason for th Comment posted by hobgoblin (not verified) on Monday, October 3, 2005 - 04:01 and i think the reason for that is that most of this stuff was implemented on windows first. This allows the vendor that makes the hardware to put in special case changes in their drivers while allowing windows to boot of the hardware, barely. if a spec was followed rather then extended upon all the time from corp a, b and c one would have less work of first implementing the baseline spec and then trying to nail down variation a, b and c. yes you cant follow the specs like a orthodoxy, but its a place to start. without specs we would not have stuff like the net or the web. the problem is when there is no open talk about changes done, or extensions made, so that vendor a extends or changes and vendor b have to reverse-enginee