Can We Trust the Code We Can't See?

The world of software development is a complex and often mysterious place. With the rise of open-source libraries and frameworks, it's easier than ever to build complex applications quickly and efficiently. But this convenience comes at a cost: many developers are relying on code they don't fully understand.

This phenomenon is reminiscent of the "Green Lumber Fallacy," a term coined by Nassim Nicholas Taleb to describe situations where people mistake irrelevant knowledge for essential knowledge. In the case of software development, this fallacy can lead to a lack of understanding of the underlying code, making it difficult to identify and fix errors.

Jimmy Wales, the founder of Wikipedia, recently called out a rival encyclopedia, Grokipedia, as a "cartoon imitation" of his own project. While the two projects may seem similar on the surface, Wales' criticism highlights the importance of understanding the underlying code and values that drive a project. Wikipedia's commitment to transparency and community-driven editing has made it a trusted source of information, while Grokipedia's lack of transparency and reliance on automation has raised concerns about its accuracy.

In the world of cryptography, the stakes are even higher. A recent bug in the aes-js and pyaes libraries, which provide a default IV in their AES-CTR API, has led to a large number of key/IV reuse bugs. This bug has potentially affected thousands of downstream projects, highlighting the importance of careful craftsmanship in cryptography.

But what can be done to promote a culture of craftsmanship in software development? One approach is to emphasize the importance of understanding the underlying code. This means avoiding the "magic" of libraries and frameworks that promise to make development easier, but ultimately reduce agency and control.

As one developer noted, "I don't like using code that I haven't written and understood myself." This approach may seem old-fashioned in an era of rapid development and deployment, but it's essential for building trust in the code we write.

Another approach is to promote transparency and community involvement in software development. Projects like Wikipedia and Linux have shown that open-source development can lead to more secure and reliable software. By involving a community of developers in the development process, we can identify and fix errors more quickly, and build trust in the code we write.

Ultimately, the tension between craftsmanship and carelessness in software development is a complex issue that requires a multifaceted approach. By emphasizing the importance of understanding the underlying code, promoting transparency and community involvement, and avoiding the "magic" of libraries and frameworks, we can build trust in the code we write and create more secure and reliable software.

As we move forward in an increasingly complex and interconnected world, it's essential that we prioritize craftsmanship and transparency in software development. Only by doing so can we build trust in the code we write and create a more secure and reliable digital future.

Sources:

• "Green Lumber Fallacy in Software Engineering"
• "An Unbothered Jimmy Wales Calls Grokipedia a 'Cartoon Imitation' of Wikipedia"
• "Carelessness versus Craftsmanship in Cryptography"
• "I Don't Like Magic"
• "Show HN: Local-First Linux MicroVMs for macOS"