[Veserv]

“Civilization in decline” is overstating the problem.

It is a common refrain that performance and security are poor because they are not priorities. The corollary being that the only reason things are slow and insecure is because we do not try to make them fast and secure due to incentives. If the industry were incentivized, then wham-bam secure and fast. Right now.

That is wrong. The incentives against fast and secure have been going for so long that the institutional knowledge, if it even existed previously, is not present. Programmers have spent their entire careers not knowing how to make things fast or secure. They do not know how to make things fast or secure, right now, even if the incentives changed. Making things slow is not a tradeoff or a choice as they do not even know (right now) how to do the alternative.

Yes, if the incentives changed then the industry as a whole could relearn how to do things over years and decades. The individuals who adapt and learn the new techniques that are now incentivized would thrive and come to dominate the industry. But, it is a relearning process, not a overnight thing.

This is analogous to the loss of manufacturing expertise in the US due to offshoring and then the process of onshoring. You must rebuild the knowledge and experience. Except it is even worse in this case because you can not even bring the offshore experts to re-teach you what you have forgotten. You have to learn from the scraps of forgotten lore and rediscover and reinvent what was lost.

This is more like the loss of knowledge involved in making the Saturn V rocket. Sure, we could make a new Moon rocket if the incentives aligned, hell, we could probably make a better one with modern technology, but we can not do that right now. We must relearn and retool to achieve that.

That is the problem they are seeing, whether they actually realize what is happening or not, and it is a serious problem if we need to make a sudden course correction to achieve these goals if they suddenly become incentivized (*cough* security *cough*). If we decide to change when we need it right now, then we are in for a rough few years to decades.

[mustache_kimono]

> It is a common refrain that performance and security are poor because they are not priorities. > We must relearn and retool to achieve that. That is the problem they are seeing, whether they actually realize what is happening or not.

I think I broadly agree.

I'd say -- I'm not sure we ever really knew how to be fast and secure. I think our problems re: memory safety and remote exploits, etc., are pretty relatively new.

I'd also say that this yearning for a forgotten yesterday is somewhat understandable, though mostly weird, a kind of tech revanchism.

My problem with Blow, et. al. is probably that they don't frame these as simply cultural differences or matters of priorities, whether or not, if the culture shifted, results could be achieved immediately or otherwise. Instead it is always a great big catastrophe.

Seriously -- I think he does it because it sells more games if the games are produced by some mercurial genius, by the Last Keeper of the Flame.

[Veserv]

Having seen some of their talks, I do not think they realize the underlying problem and understand its manifestation. They just see that their “fellows” churn out slow software without even understanding how to make things fast due to tradeoffs that society has made on their behalf that left their fellows with no knowledge of performance optimization. They feel a sense of wrongness that things are so different across the aisle, but can not put their finger on it precisely.

The incentives in their industry support performance. They look around confused at the rest of the world with different incentives. And they keep running into people who say: “We can make it fast if it is incentivized” and then do a amateurish job, despite seeming to be professionals, because they lack the institutional knowledge that is commonplace in the games industry. They are amateurs (in this field) due to long-term societal incentives despite having all the other trappings of competence. It is like being Chinese and seeing a regular grown adult being unable to use chopsticks; jarring and bizarre if you lack the context that they do not use chopsticks in their home country.

It also leads to what, from their perspective, are incongruous tradeoffs. They see a 10x speedup that would take a month to implement. The developers say that is a worthy tradeoff, but they do not do it, why? Well, they lack the institutional knowledge. To reinvent all of the knowledge and technologies that would make that 10x speedup take a month would take 5 years assuming they even recognized the opportunity. 5 years for a 10x speedup is not worth it, but 1 month is; it is the researched tech tree that makes the difference and allows worthy tradeoffs to be implemented efficiently. Losing tech and knowledge leads to losing the ability to even make those tradeoffs.

[xyzzy123]

I can think of 50 things which would make the project I'm on faster, better and more secure but the business is not particularly interested in them right now.

The business wants its stated requirements met (plus a short list of key non-functionals) while minimising cost. Performance is not even specified. I don't think there's any "lost knowledge" involved in this particular case, they just don't want to pay me to make it better than it needs to be.

Doing my job well means minimising the time (and by implication the attention and effort) I put in to the software.

This seems quite directly opposed to the artisanal ethos.

[soco]

An artisan was historically a guy working for himself in a small market shop, carving at a chair or sewing leather shoes. The masons tasked to build the castle walls were not "artisans" so there we could see the same focus on efficiency - although a bit of beauty had still its place here and there. My point? Today we don't have those artisan shops, just expectations from regular masons to carve gargoyles at every wall corner.

[musicale]

Changing the incentives still sounds like it might be a good first step.

Here is a call from the pre-crowdstrike era:

https://cacm.acm.org/practice/the-software-industry-is-still...

Which is a follow-on to an article from 2011:

https://cacm.acm.org/practice/the-software-industry-is-the-p...