The Bikeshed

What Went Wrong?:
Why we need an IT accident investigation board

Governments should create IT accident investigation boards for the exact same reasons they have done so for ships, railroads, planes, and in many cases, automobiles. Denmark got its Railroad Accident Investigation Board because too many people were maimed and killed by steam trains. The UK's Air Accidents Investigation Branch was created for pretty much the same reasons, but, specifically, because when the airlines investigated themselves, nobody was any the wiser. Does that sound slightly familiar in any way?

by Poul-Henning Kamp | July 13, 2021

Topic: Compliance

0 comments

More Encryption Means Less Privacy:
Retaining electronic privacy requires more political engagement.

When Edward Snowden made it known to the world that pretty much all traffic on the Internet was collected and searched by the NSA, GCHQ (the UK Government Communications Headquarters) and various other countries’ secret services as well, the IT and networking communities were furious and felt betrayed.

by Poul-Henning Kamp | March 17, 2016

Topic: Privacy and Rights

2 comments

HTTP/2.0 - The IETF is Phoning It In:
Bad protocol, bad politics

In the long run, the most memorable event of 1989 will probably be that Tim Berners-Lee hacked up the HTTP protocol and named the result the "World Wide Web." Tim’s HTTP protocol ran on 10 Mbit/s Ethernet over coax cables, and his computer was a NeXT Cube with a 25-MHz clock frequency. Twenty-six years later, my laptop CPU is a hundred times faster and has a thousand times as much RAM as Tim’s machine had, but the HTTP protocol is still the same.

by Poul-Henning Kamp | January 6, 2015

Topic: Web Services

15 comments

Quality Software Costs Money - Heartbleed Was Free:
How to generate funding for FOSS

The world runs on free and open-source software, FOSS for short, and to some degree it has predictably infiltrated just about any software-based product anywhere in the world.

by Poul-Henning Kamp | June 19, 2014

Topic: Security

10 comments

Please Put OpenSSL Out of Its Misery:
OpenSSL must die, for it will never get any better.

The OpenSSL software package is around 300,000 lines of code, which means there are probably around 299 bugs still there, now that the Heartbleed bug which allowed pretty much anybody to retrieve internal state to which they should normally not have access has been fixed.

by Poul-Henning Kamp | April 12, 2014

Topic: Security

47 comments

Center Wheel for Success:
Not invented here syndrome is not unique to the IT world.

When I first read the claim that HealthCare.gov, the Web site initiated by the Affordable Care Act, had cost $500 million to create, I didn’t believe the number. There is no way to make a Web site cost that much. But the actual number seems not to be an order of magnitude lower, and as I understand the reports, the Web site doesn’t have much to show for the high cost in terms of performance, features, or quality in general.

by Poul-Henning Kamp | December 20, 2013

Topic: Web Services

16 comments

More Encryption Is Not the Solution:
Cryptography as privacy works only if both ends work at it in good faith.

The recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula, "More encryption is the solution." This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.

by Poul-Henning Kamp | July 30, 2013

Topic: Privacy and Rights

16 comments

A Generation Lost in the Bazaar:
Quality happens only when someone is responsible for it.

Thirteen years ago, Eric Raymond’s book "The Cathedral and the Bazaar" (O’Reilly Media, 2001) redefined our vocabulary and all but promised an end to the waterfall model and big software companies, thanks to the new grass-roots open source software development movement. I found the book thought provoking, but it did not convince me. On the other hand, being deeply involved in open source, I couldn’t help but think that it would be nice if he was right.

by Poul-Henning Kamp | August 15, 2012

Topic: Development

152 comments

LinkedIn Password Leak: Salt Their Hide:
If it does not take a full second to calculate the password hash, it is too weak.

6.5 million unsalted SHA1 hashed LinkedIn passwords have appeared in the criminal underground. There are two words in that sentence that should cause LinkedIn no end of concern: "unsalted" and "SHA1."
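The two words "unsalted" and "SHA1" each remove a defence, and the column's rule of thumb is that the hash should cost about a second. The following is an added example, not code from the column or from LinkedIn: it shows why unsalted SHA1 lets one precomputed lookup recover every account sharing a password, then stores the same passwords with a per-user random salt and an iterated KDF (PBKDF2-HMAC-SHA256 from Python's standard library, chosen here as a stand-in for any tunable slow hash) and calibrates the iteration count to a time budget. The user table and wordlist are constructed sample inputs, not data from the leak.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Dict, Iterable, Tuple

# Constructed sample accounts for the demonstration (not data from the leak).
USERS = {
    "alice": "Password1",
    "bob": "Password1",                     # same password as alice
    "carol": "correct horse battery staple",
}


def unsalted_sha1(password: str) -> str:
    """The scheme the dump revealed: one SHA1 over the bare password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_unsalted(stored: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """With no salt, hashing each guess once recovers every account using it.

    The table keyed by hash can be built offline and reused against any dump.
    """
    lookup = {unsalted_sha1(w): w for w in wordlist}
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


def salted_slow_hash(password: str, salt: Optional[bytes] = None,
                     iterations: int = 600_000) -> Tuple[bytes, bytes]:
    """Per-user random salt plus an iterated KDF; returns (salt, digest).

    A fresh salt per user means equal passwords no longer share a hash, and
    the attacker must redo the full iteration count for every user and guess.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes, iterations: int = 600_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def calibrate_iterations(target_seconds: float = 1.0, probe: int = 10_000) -> int:
    """Time a probe run and scale the iteration count to the wanted cost.

    Re-run this on new hardware: the point of a tunable KDF is that the cost
    can be raised as machines get faster.
    """
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", b"\x00" * 16, probe)
    elapsed = time.perf_counter() - start
    return max(probe, int(probe * target_seconds / max(elapsed, 1e-9)))


if __name__ == "__main__":
    stored = {u: unsalted_sha1(p) for u, p in USERS.items()}
    print("unsalted SHA1, cracked from a two-word list:",
          crack_unsalted(stored, ["123456", "Password1"]))
    s1, d1 = salted_slow_hash("Password1", iterations=2_000)
    s2, d2 = salted_slow_hash("Password1", iterations=2_000)
    print("salted digests for the same password differ:", d1 != d2)
    print("iterations for ~1 s on this machine:", calibrate_iterations())
```

Storing the salt beside the digest is expected; it is not a secret, its job is to make every account a separate cracking job. The iteration count is stored too, so old records can be verified while new ones are written at a higher cost.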

by Poul-Henning Kamp | June 7, 2012

Topic: Security

36 comments

My Compiler Does Not Understand Me:
Until our programming languages catch up, code will be full of horrors.

Only lately have a lot of smart people found audiences for making sound points about what and how we code. Various colleagues have been beating drums and heads together for ages trying to make certain that wise insights about programming stick to neurons. Articles on coding style in this and other publications have provided further examples of such advocacy.

by Poul-Henning Kamp | May 21, 2012

Topic: Code

6 comments

The Hyperdimensional Tar Pit:
Make a guess, double the number, and then move to the next larger unit of time.

When I started in computing more than a quarter of a century ago, a kind elder colleague gave me a rule of thumb for estimating when I would have finished a task properly: make a guess, double the number, and then move to the next larger unit of time. This rule scales tasks in a very interesting way: a one-minute task explodes by a factor of 120 to take two hours. A one-hour job explodes by "only" a factor 48 to take two days, while a one-day job grows by a factor of 14 to take two weeks.

by Poul-Henning Kamp | January 23, 2012

Topic: Code

2 comments

The Software Industry IS the Problem:
The time has come for software liability laws.

One score and seven years ago, Ken Thompson brought forth a new problem, conceived by thinking, and dedicated to the proposition that those who trusted computers were in deep trouble. I am, of course, talking about Thompson’s Turing Award lecture, "Reflections on Trusting Trust." Unless you remember this piece by heart, you might want to take a moment to read it if at all possible.

by Poul-Henning Kamp | September 8, 2011

Topic: Privacy and Rights

48 comments

The Most Expensive One-byte Mistake:
Did Ken, Dennis, and Brian choose wrong with NUL-terminated text strings?

IT both drives and implements the modern Western-style economy. Thus, we regularly see headlines about staggeringly large amounts of money connected with IT mistakes. Which IT or CS decision has resulted in the most expensive mistake?

by Poul-Henning Kamp | July 25, 2011

Topic: Development

114 comments

The One-second War (What Time Will You Die?):
As more and more systems care about time at the second and sub-second level, finding a lasting solution to the leap seconds problem is becoming increasingly urgent.

Thanks to a secretive conspiracy working mostly below the public radar, your time of death may be a minute later than presently expected. But don’t expect to live any longer, unless you happen to be responsible for time synchronization in a large network of computers, in which case this coup will lower your stress level a bit every other year or so. We’re talking about the abolishment of leap seconds, a crude hack added 40 years ago, to paper over the fact that planets make lousy clocks compared with quantum mechanical phenomena.

by Poul-Henning Kamp | April 6, 2011

Topic: Development

34 comments

B.Y.O.C. (1,342 Times and Counting):
Why can’t we all use standard libraries for commonly needed algorithms?

Although seldom articulated clearly, or even at all, one of the bedrock ideas of good software engineering is reuse of code libraries holding easily accessible implementations of common algorithms and facilities. The reason for this reticence is probably because there is no way to state it succinctly, without sounding like a cheap parody of Occam’s razor: It is pointless to do with several where few will suffice.

by Poul-Henning Kamp | February 17, 2011

Topic: Development

12 comments

Sir, Please Step Away from the ASR-33!:
To move forward with programming languages we need to break free from the tyranny of ASCII.

One of the naughty details of my Varnish software is that the configuration is written in a domain-specific language that is converted into C source code, compiled into a shared library, and executed at hardware speed. That obviously makes me a programming language syntax designer, and just as obviously I have started to think more about how we express ourselves in these syntaxes.

by Poul-Henning Kamp | October 25, 2010

Topic: Programming Languages

86 comments

You’re Doing It Wrong:
Think you’ve mastered the art of server performance? Think again.

Would you believe me if I claimed that an algorithm that has been on the books as "optimal" for 46 years, which has been analyzed in excruciating detail by geniuses like Knuth and taught in all computer science courses in the world, can be optimized to run 10 times faster? A couple of years ago, I fell into some interesting company and became the author of an open source HTTP accelerator called Varnish, basically an HTTP cache to put in front of slow Web servers.

by Poul-Henning Kamp | June 11, 2010

Topic: Performance

85 comments