For anyone who’s been perusing proggit over the last few days, you’ve most likely seen the article Computer Science Education: Where Are the Software Engineers of Tomorrow?. The article is an opinion piece in which the authors outline why Computer Science curriculums are quickly degrading, and what effect it is having on the computer industry as a whole. A number of other bloggers have responded in support of this article, and now I’d like to throw my hat into that ring as well, if for nothing else than the simple reason that they’re absolutely right.
The reality of life that seems to escape nearly everyone out there is that programming is hard. It is. It really is. Anyone who tells you different is lying, and anyone who feels a programming language or an IDE can completely negate the difficulty of programming is kidding themselves and everyone around them.
I think the main reason everyone believes that programming is easy, is because they tend to measure the degree of difficulty in terms of one metric and one metric only: ‘Can you write a program that runs?’ While I don’t deny that that is an important metric, there are many other metrics that matter quite a bit, but most people miss, because they (incorrectly) underestimate their impact.
One good example is runtime. Sure, that program you wrote in college to sort 100 numbers via bubble sort is pretty quick, runs in like under a second. So now that you can write a program to sort things, you decide to work for Google. Now your code is being used to sort hundreds of things. Thousands. Millions. Billions. Hmmm, that O(n^2) runtime isn’t looking so hot. Writing the bubble sort was easy. Understanding why its runtime of O(n^2) is bad (or even what O(n^2) means) is hard.
Another example is security. Sure, that home-rolled CMS you did in PHP rocks. It lets you do alot. But are you absolutely sure it doesn’t contain any XSS attacks? Are you 100% positive that tomorrow you won’t see a vulnerability report on BugTraq stating that unauthenticated users can gain admin rights? Typing out the PHP was easy. Identifying and eliminating its security vulnerabilities is hard.
I know that some readers will say that these metrics aren’t really all that important, and that things like scalability and security don’t matter. But, to paraphrase a line from Mudge’s keynote speech at Blackhat ’99, you are making that assumption for everyone who uses your software. You’re assuming they won’t be relying on your software to be secure or scale well. And, as history has shown many times in the past, that is an incredibly dangerous assumption.
A little knowledge is a dangerous thing. Studying C for 24 hours might give you the ability to write a useful little program. But it can’t explain why it’s a bad idea to open and close a handle to file every time you write to it, and then write to that file thousands of times a second. It can’t explain why not checking the length of a user-inputted string you plan on copying to a static buffer is a vulnerability. Heck, it probably won’t even be enough to help you use a debugger to find out why your program keeps segfaulting!
I see it as being analogous to medicine. To come up with a proper treatment, doctors need to have an exact diagnosis. To have an exact diagnosis, doctors need to know exactly what is going on in the body. And the only way they can do that is to have a total and complete understanding of how the body works. They can’t just skimp out and decide “Oh, the circulatory system’s not that important.” They can’t just say “Heart trouble? Here, have some asprin.” Sure, the asprin might stop the pain temporarily, but in the long run, the patient will suffer even more, and probably die.
Likewise in computer science, not understanding what’s going on at every single level makes you unable to diagnose or fix problems. Sure, you can write code that will work ok now, under these circumstances. But what if those circumstances change? How will you know how those changes have affected your program? How will you know that whatever solution you come up with actually fixes the problem?
Programming is hard. I know places like ITT Tech, and the University of Phoenix want you to believe differently, but this is not a ‘get rich quick’ field. Peter Norvig wrote that obtaining expertise in the field of programming takes about ten years, and I honestly believe that. So unless you’re willing to invest ten years of hard work (at least), I suggest you find a different profession.