Feeds

Sucky software? So add a virgin

David Platt shows how developers get it wrong

3 Big data security analytics techniques

David Platt.

Most software sucks, so statistically speaking the software you write probably sucks as well, according to the author of programming classics like Understanding COM+ (now out of print) and Introducing Microsoft .NET (now has a different title).

His latest book, Why Software Sucks (buy it here), pillories applications with bad interfaces and poor user experiences as unsafe, unreliable and hard to use. He also encourages users to complain, publicly and repeatedly, so we asked him what overworked developers can do to avoid an avalanche of abuse.

Reg Dev: There are lots of different ways that software can suck, but do all they come down to some single underlying issue?

Platt: It all comes down to developers not understanding who their users are; and therefore thinking by extension, that their users must be similar to themselves. Nothing could be further from the truth. Always ask: “Exactly who is this user, what does she want, and how does this particular thing that I’m working on get her closer to that?”

Reg Dev: Software can suck in any language and on any OS, but are there things that make a difference, like development methodologies?

Platt: Add a virgin to the design team. By this, I mean someone who knows nothing at all about the internal implementation of the program, who represents only the user, and therefore cannot possibly allow that internal implementation to influence what the user sees. For example, when I criticized the draggable menu bar in pre-2007 Office, one of the development team said to me, “Yeah, well, we used our generic toolstrip mechanism for that menu too, so it had to be draggable.” The virgin would say, “Hey, this menu being movable isn’t something that helps, and in fact it hurts, so tie the damn thing down. “ And then don't shout them down. Break convention when needed.

Don't let edge cases complicate the mainstream. Nobody says ‘is there a Starbucks within five miles? How about ten?’. But the Starbucks ZIP finder makes me understand ‘what is a proximity’ because the search radius has a default of five miles and then ten. It turns out my office is 11 miles from the nearest Starbucks, so it takes three clicks to find it [if you don’t like Starbucks’ coffee, that may be a plus, of course – Ed].

Instrument to know thy user. Focus groups are self selected and they may not tell you the truth because they don't want to hurt your feelings; or because the users feel stupid if they can’t make the software work. Usability testing only gives you a first impression.

Finally, every time, ask whether this design decision is taking us closer to ‘it just works’ or further away.

Reg Dev: Suppose your boss is interfering or forcing you to produce sucky software?

Platt: Then you have the ‘high ranking idiot problem’ and you’re going to have a new boss soon – one way or another. I don't have a solution for that.

Reg Dev: Do you have any success stories of developers improving software that starts out sucking ?

Platt: I’ve never seen a bad one turn good. I’ve seen plenty of good ones turn bad, usually by adding unnecessary features to placate a tiny but vocal minority, while complicating the interface for everyone. Classic example, the draggable toolbar in pre-2007 office. Very, very few people asked for it, yet it appeared, and forced every single user to become more precise in their mouse clicking, all day, every day. And humans not being precise is why we invented the computer. Compare that to AutoCorrect and spell checking; which knows, understands and respects the humanity of the user.

Reg Dev: Suckiest ever software you've ever come across? And the most effective, least sucky?

Platt: Most effective is the Carbonite online backup system, which just works. Install it and forget about it. I dropped my PC last week, after Tech Ed, and broke it, and all of my data was sitting right there on Carbonite, ready to download to my replacement PC. It took 36 hours to copy it all down, for 24 GB of data, which wasn’t bad. Because I didn’t have to touch Carbonite after I installed it, the backup actually did get performed, and was up-to-date. If I had had to lift a finger to back up, I wouldn’t have done it. But I didn’t, so I did.

PC Genie Backup – which asks do you want it Normal or do you want it Easy – is a product designed by sadists for masochists. Or a product designed by geeks for geeks. Carbonite does have an option to pick-and-choose which files you want; I asked the head of the company why it was there and he said “no-one has ever ticked that in the history of the world, but my programmers insisted we kept it in”.

Another good example: Google automatically detecting the user’s country from the IP address, automatically serving up the right language page for that country, with an easy link providing one click to fix it permanently if they were ever wrong. Bad example: UPS.com making the user select the country manually before allowing them to do anything at all on the site. You don't get a cookie to save the selection unless you tick the box, where the text is in English. What that really says is “our computer program is the centre of the universe”.

If you put the UPS tracking number into the Google toolbar it jumps to the UPS page in the language of the Google page; that means Google is a better UPS.com than UPS.com.

Reg Dev: Is there a reason other than personal irritation that you have a crusade to make software not suck?

Platt: We don’t seem to be learning. With the exception of a few bright spots, user experiences seem to be getting worse rather than better. We have more information now about what users want and need and like than we’ve ever had before, and no one seems to be putting it into practice.

Reg Dev: What awaits developers who don’t stop their software sucking - from your readers?

Platt: Personal public ridicule. If you need to make a programmer do something, ensure that he’ll look stupid in public if he doesn’t.

Actually, that, it seems to us as an aside, is a reasonable argument for Open Source too, although perhaps ridicule from the Open Source community isn’t quite as useful as when it comes from “real” people.

It’s much harder to hide your mistakes in Open Source Software – and a programming virgin can build up a respectable, verifiable CV based on contributions to open source projects (an approach adopted by the Lanka Software Foundation (LSF), quoted here).®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.