Software isn't bloated

submited by
Style Pass
2021-05-21 22:30:14

A common complaint I've heard often expressed is that software today is too complex, that it could and should be dramatically simplified. We could throw out a lot of the old crap and simply start afresh. This is most definitely the case whenever a modern text editor like VS Code is discussed. Why do we need this bloated thing when Dennis Ritchie built a text editor editor in a thousand lines?

Most software is simple when it starts out. The requirements are (mostly) clear. The design (mostly) fits the requirements. The implementation (mostly) matches the design. The software is good. We are happy.

Until we find that it doesn't handle some edge cases well (like supporting non-Latin scripts used by billions of human beings). Or the spec changes because new requirements come in. Now the software begins to bloat. Extra pieces are tacked on, sometimes haphazardly. Tech debt piles on, because we lack the time to "do it right". Eventually we declare tech debt bankruptcy and start over. But the fresh project won't be any better unless the requirements are clearer or simpler.

A poster child for this kind of software is OpenSSL. Before 2014, it was used by every website on the internet to provide green padlocks ("secure") on the URL bar. OpenSSL was a behemoth of 500k lines. Some of this code was maintained, lots of it was tech debt that needed to be paid down. There was only one SSL library so if you had some quirk in your use case, some particular algorithm you needed, you would modify OpenSSL itself, adding your hack to the mountain of hacks held together by duct tape. This policy of implementing every feature led to one of the biggest security vulnerabilities ever - Heartbleed.

Leave a Comment