Mastodon Feed: Post

Boosted by jsonstein@masto.deoan.org ("Jeff Sonstein"):
mnl@hachyderm.io ("mnl mnl mnl mnl mnl") wrote:

I know this might sound obvious, but not a single human understands the code they run into production. What the machine runs is, from the CPU microcode (we know it is security relevant) to the OS to the userland OS libraries (the filesystem, the network stack, the memory management, the scheduler, all eminently security relevant) to the libraries and frameworks to finally something that someone on your team might have some knowledge of. This does not include cloud orchestration and remote services and things that might be entirely out of one developer’s visibility.

Some developers are more aware of these complexities than others, but from my experience, 90% of developers think that last part of the chain is “all the code”, and the other 10% usually suffer a lot of BS because of it, since their work is out of the realm of comprehension of the rest.

I’m not advocating for yeeting an entire rewrite to the world after just 6 days of building, but the issue here is not the fact that no one has read the code.

What allows us to push so much code into production is that we built abstractions and patterns that allow us to trust the code we haven’t written to behave in a reasonable manner and not fuck with our stuff too much. One part we can gain trust is by studying it (which usually also doesn’t involve reading the full code; I have a reasonable understanding of how some parts of Linux work, but haven’t read most of the code. Its actual complexity would melt my head, so I’m staying at surface APIs and experiments and textbooks and articles), another is by just running it and fucking with it long enough that we trust that it’s good enough, especially if a lot of other people do the same (this is probably the most important trust metric). The tiniest trust metric imo is having looked at the code within the context of a code review, especially with the dismal UIs we have for that purpose. They by design contain the things that get reviewed to that tiny layer on top, and even within that last codebase, actively hide away systemic complexities and things like “is there other code here that might be relevant”.

#llms #llm #vibecoding

1/