If It’s Worth Having, It’s Worth Working Hard For

For anyone who’s been perusing proggit over the last few days, you’ve most likely seen the article Computer Science Education: Where Are the Software Engineers of Tomorrow?. The article is an opinion piece in which the authors outline why Computer Science curriculums are quickly degrading, and what effect it is having on the computer industry as a whole. A number of other bloggers have responded in support of this article, and now I’d like to throw my hat into that ring as well, if for nothing else than the simple reason that they’re absolutely right.

The reality of life that seems to escape nearly everyone out there is that programming is hard. It is. It really is. Anyone who tells you different is lying, and anyone who feels a programming language or an IDE can completely negate the difficulty of programming is kidding themselves and everyone around them.

I think the main reason everyone believes that programming is easy, is because they tend to measure the degree of difficulty in terms of one metric and one metric only: ‘Can you write a program that runs?’ While I don’t deny that that is an important metric, there are many other metrics that matter quite a bit, but most people miss, because they (incorrectly) underestimate their impact.

One good example is runtime. Sure, that program you wrote in college to sort 100 numbers via bubble sort is pretty quick, runs in like under a second. So now that you can write a program to sort things, you decide to work for Google. Now your code is being used to sort hundreds of things. Thousands. Millions. Billions. Hmmm, that O(n^2) runtime isn’t looking so hot. Writing the bubble sort was easy. Understanding why its runtime of O(n^2) is bad (or even what O(n^2) means) is hard.

Another example is security. Sure, that home-rolled CMS you did in PHP rocks. It lets you do alot. But are you absolutely sure it doesn’t contain any XSS attacks? Are you 100% positive that tomorrow you won’t see a vulnerability report on BugTraq stating that unauthenticated users can gain admin rights? Typing out the PHP was easy. Identifying and eliminating its security vulnerabilities is hard.

I know that some readers will say that these metrics aren’t really all that important, and that things like scalability and security don’t matter. But, to paraphrase a line from Mudge’s keynote speech at Blackhat ’99, you are making that assumption for everyone who uses your software. You’re assuming they won’t be relying on your software to be secure or scale well. And, as history has shown many times in the past, that is an incredibly dangerous assumption.

A little knowledge is a dangerous thing. Studying C for 24 hours might give you the ability to write a useful little program. But it can’t explain why it’s a bad idea to open and close a handle to file every time you write to it, and then write to that file thousands of times a second. It can’t explain why not checking the length of a user-inputted string you plan on copying to a static buffer is a vulnerability. Heck, it probably won’t even be enough to help you use a debugger to find out why your program keeps segfaulting!

I see it as being analogous to medicine. To come up with a proper treatment, doctors need to have an exact diagnosis. To have an exact diagnosis, doctors need to know exactly what is going on in the body. And the only way they can do that is to have a total and complete understanding of how the body works. They can’t just skimp out and decide “Oh, the circulatory system’s not that important.” They can’t just say “Heart trouble? Here, have some asprin.” Sure, the asprin might stop the pain temporarily, but in the long run, the patient will suffer even more, and probably die.

Likewise in computer science, not understanding what’s going on at every single level makes you unable to diagnose or fix problems. Sure, you can write code that will work ok now, under these circumstances. But what if those circumstances change? How will you know how those changes have affected your program? How will you know that whatever solution you come up with actually fixes the problem?

Programming is hard. I know places like ITT Tech, and the University of Phoenix want you to believe differently, but this is not a ‘get rich quick’ field. Peter Norvig wrote that obtaining expertise in the field of programming takes about ten years, and I honestly believe that. So unless you’re willing to invest ten years of hard work (at least), I suggest you find a different profession.

8 thoughts on “If It’s Worth Having, It’s Worth Working Hard For”

  1. I agree completely, there is an entire class of programmers out there who believe they will get rich quick in this line of work, but simply have no real aptitude for it. Programming is not only hard, it takes a special way of thinking, Its the blend of math and engineering, with music and sculpture, focused in a procedural box of a language that you _need_ to think outside of to be successful, that not everyone can do. You have to have that ability before you can even hope to become an adept. Some people could study for ten years, working hard, and never become even mediocre. I would hope they would burn out sooner, find a line of work where they can flourish and be happy, but the current belief that computers are where the money is, has a lot of people trying to be something they are not.

  2. Grammar is hard, too, apparently. ;-) “It’s” is not a possessive, it’s a contraction of “it is”. So you mean “its runtime” and “its security vulnerabilities”.

    Feel free to delete this comment – I’m trying to be helpful, not a grammar nazi, and meta-discussion like this isn’t helpful once you’ve fixed the error. ;-)

  3. @Phillip:

    Thanks for catching my error. I guess I rely on those red squiggly lines in WordPress’ editor just a little too much. ;-)

  4. ^^^ I’m guilty of that sin myself, my mother is an English major. I guess I do not make her proud in that regard.

  5. 10 years: a couple of years ago I would’ve agreed. Now that I have more experience, I say 15 (as the book “Software Craftsmanship” asserts).
    I still have

  6. Comments chopped after less than character… I still have less than 10 years experience and will feel better when I have 15.

  7. I’d say it’s far more than 10 years. Admittedly, I was very young when I started programming, so it might be the case that the 16 or so years of experience I have has helped me less than it would have if I had started today and gone for just 10 years with the advantage of already having some more wisdom from age, but even now I have a lot to learn, and there is yet more to learn every day. I sometimes get a bit conceited sometimes (I try to keep it to myself at least), but in the big picture I’m just another nobody programmer.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>