[8chanAnon]

Hmm. A lot of software is unnecessarily complicated. This has to do with "too many cooks" or "design by committee". The term "complex" is relative. Is a trading system complex on its own merit or is it the process of building it that is complex? I haven't worked on a major project so I can't say.

I took a programming course many years ago. Not because I needed to learn programming but to get job interviews. The instructor asked us to write some C code to perform some small task. I completed the coding in about 5 minutes and it was just two lines (my prior experience was 6502 assembly not C). Others in the class were writing screenfuls of code. I imagine that the same situation occurs on large projects where mediocre programmers write more code than required for the task. Projects get bloated and more complicated as a result.

Another anecdote. I wrote a small operating system for a piece of hardware known as "touch memory" made by a company called Dallas Semiconductor. Intriguing little device, I must say. This was 20 years ago. My boss met up with the owner of a company that was attempting to build what I had already built in just two months. His 4 programmers could not accomplish much of anything over the course of an entire year. I guess that means that I was 24 times more effective. The company went bankrupt.

The most complex project I worked on? I dunno. Maybe converting PDF into braille. Would you say that is complex? I wrote all of the code from scratch without using any third-party tools. That's another area where projects go wrong. They rely too much on closed-source middleware that their own programmers don't understand. It's a recipe for disaster.

[8chanAnon]

Oh wait. I'm working on a project right now. Never mind the PDF-to-braille thingy. How about a proxy server with HTTP, HTTPS, Socks5 and websocket? Not complex enough? How about routing to Tor and I2P? DNS and DNS-over-HTTPS? It's a local proxy server so it supports local disk access from a web browser. Trapping requests to modify them or write them to disk? The purpose is to support browser apps to do things like reading Twitter or getting Youtube videos (or whatever else you would want to write an app for).

It runs on Node.js and the entire code base is just one file (under 100k). No third-party includes.

Took me three years to get it to the point where it is now (I spent most of that time wondering what to do next).

Is that complex? Dunno. I'm trying to finish the documentation but, damn, there is so much to cover! It's a beast. That's really why I'm here. Gonna announce something soon.

[skulk]

If it's something you want others to use, why not reuse audited libraries? For something for which security is important, no one wants to audit your homegrown HTTP parser/TOR implementation/etc.

[8chanAnon]

It's not as extensive as you're suggesting. HTTP parsing is handled by Node.js and it merely connects to an existing Tor server running in the background. The thing is, if I use any kind of third-party software then I end up with much more than I'm needing. For example, what is involved in running a websocket? Mention websocket to anyone and they'll tell you that you need a package like ws or something. Fact is, basic websocket functionality can be had with a few dozen lines of code. Same with DNS. Think you need a package for that?

Besides, even a well-designed library can be fatal for security if it is not handled correctly.