If you are in the same line of work as I am, where you either host websites and applications or modify third-party software, you are bound to hit some good examples of bad software development.
Granted, there are a lot of people developing software out there in the world, and of course not everyone will be very good at it. It just strikes me how often these days I come across software that has bad design, if any. It’s not just sloppy coding; it’s a complete lack of structure, or a quasi-systematic implementation of ideas that were never thought through.
There are several factors that play a part in the huge amounts of malware out there, but I believe the two biggest reasons are 1) an increasing number of users and communities in need of some tooling or automation and 2) the relatively low threshold for developing software these days.
The first factor can be identified as demand: people are more and more engaged in (on-line) activities.
The best example of this is probably the larger gaming communities, especially those that tend to form groups of players such as guilds or clans, which in turn leads to organized game-play. With this comes the desire for tooling that helps to organize and administrate.
The explosive growth of such on-line communities, and their varying demands and requirements, have played a part in the smaller software development projects that emerge like mushrooms in forest soil.
The second factor is the widespread availability of open source tools, which are free of charge and not too hard to use. Especially the LAMP setup has led to a lot of amateur coding projects.
Unfortunately, as many on-line resources as you can find on writing PHP or Perl code, there is very little attention for the actual design of software. Few coders stop to think about how to structure their software, and even fewer take the time to consider their data model. Concepts such as modularity, scalability, portability and security (to name a few) in general don’t even come to mind, which to me is a rather alarming development.
The reason this is so alarming is that unsuspecting users simply install the tools without regard for what effects they might have on them. Bad software can take down entire servers due to behavior not foreseen by the scripter. I’ve personally seen a script of 20 kilobytes and a database of maybe 60 thousand records take down a web/database server set-up, simply because no attention was given to traffic characteristics or to the data model of the database. Such mistakes can end up being really costly.
Even worse, with simple tricks a lot of sites end up being a UCE hub because their mail forms are vulnerable to code injection. Compromised databases yield e-mail address/password combinations that put their users at risk of losing their hotmail/gmail accounts (because most people don’t tend to use different passwords for different sites). Worse still, entire systems get rooted by arbitrary code execution as a result of bad programming, allowing script kiddies to take over a system and use it as a hub for network scanning, brute force attacks on other servers and other malicious activities.
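To make the mail-form point concrete, here is an added example (not code from the original post, nor from any of the software it mentions) of a PHP contact-form handler written the way the paragraph above asks for: every value that ends up in the message header is checked for line breaks and rejected outright if it contains any, because an extra line in a header field is what turns a form into a spam relay. The function names, the form field names and the webform@example.com sender address are assumptions made for this example.

```php
<?php
// Added example, not part of the original post. Function names, field names
// and the sender address are assumptions.

/**
 * Validate the raw POST fields of a contact form.
 * Returns an empty array when the input is acceptable, otherwise a list of
 * error messages. Nothing is sent from here.
 */
function validate_contact_form(array $post): array
{
    $errors = [];

    // Values that end up in the header section must be single-line strings.
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $post[$field] ?? '';
        if ($value === '') {
            $errors[] = "$field is required";
            continue;
        }
        // A CR, LF or NUL means the value is trying to start a new header
        // line: reject the request instead of "cleaning" the value.
        if (preg_match('/[\r\n\0]/', $value)) {
            $errors[] = "$field contains line breaks";
        }
    }

    // The address must be exactly one syntactically valid mailbox, so a
    // value carrying a second line or a second address fails here as well.
    $email = $post['email'] ?? '';
    if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a single valid address';
    }

    if (trim($post['message'] ?? '') === '') {
        $errors[] = 'message is required';
    }

    return $errors;
}

/**
 * Assemble the mail() arguments from already-validated input. The recipient
 * is fixed server-side; the visitor never chooses who receives the message.
 * Returns [to, subject, body, headers] instead of calling mail() directly,
 * so the assembled message can be inspected or logged before sending.
 */
function build_contact_mail(array $post, string $recipient): array
{
    $errors = validate_contact_form($post);
    if ($errors !== []) {
        throw new InvalidArgumentException(implode('; ', $errors));
    }

    // Only the (validated) subject and visitor address reach the headers.
    $subject = substr($post['subject'], 0, 200);
    $headers = "From: webform@example.com\r\n"   // assumed sender address
             . "Reply-To: " . $post['email'] . "\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";

    // The body is not part of the header section, so newlines are fine here.
    $body = "Name: " . $post['name'] . "\n\n" . $post['message'];

    return [$recipient, $subject, $body, $headers];
}

// Usage with two constructed inputs; the second one carries an extra header
// line inside the e-mail field and must be refused.
$inputs = [
    'plain'    => ['name' => 'Alice', 'email' => 'alice@example.com',
                   'subject' => 'Guild bank question', 'message' => 'Hello!'],
    'injected' => ['name' => 'Alice', 'email' => "alice@example.com\r\nBcc: list@example.net",
                   'subject' => 'Hi', 'message' => 'x'],
];

foreach ($inputs as $label => $input) {
    $errors = validate_contact_form($input);
    echo $label, ': ', $errors === [] ? 'accepted' : implode('; ', $errors), "\n";
}
```

The design choice worth noting is that the handler rejects rather than sanitizes: stripping line breaks silently would let a malformed request through and hide the fact that someone is probing the form, whereas a refused request is something a hoster can log and count. The recipient address is also never taken from the form, so even a validation slip cannot redirect mail.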
I believe that every coder who releases scripts, tools or entire applications to the public has a responsibility to make sure the code they submit is of some quality. In this day and age the hordes of scripters simply cannot afford to be lax about such matters, because there’s an equally active group out there that will exploit every opportunity to take over yet another system. In my opinion, this is a hoster’s biggest nightmare.
Thus I urge starting scripters and coders alike to take an interest in the matter you are working with. Take time to study the PHP and MySQL manuals and learn that there’s more to them than just the syntax. Read articles on good coding practices and take the time to design your data model to fit your needs.
But the most important suggestion I can give you is: think before you code.
Actually, this article was written after looking at a piece of software Jemimus asked me to look at, called WoW Guild Bank Manager.
If you read this and you are developer of this software, feel free to contact me for some points of improvement. 😛
Bitneuker. 😛