Monthly Archives: April 2007

Performance vs. Maintenance

I’ve been writing software as a job for a few years now, and I think there is one common theme that seems to recur. There is never enough time to get everything done. The proper solution to this problem is one or a combination of three basic ideas: bring in more resources, come to a compromise, or increase productivity. The first two alternatives are not very appealing because businesses generally want to offer a good product and not spend a lot of money building it. Increasing productivity, therefore, seems to always be a good goal to keep in mind.

When writing software, one of the things we are all taught to do is pay attention to performance. We analyze algorithms, figure out their big-O complexity in terms of computing and memory usage and pick the best one. I always hated that part of school with a passion. Perhaps that makes me biased. I agree, however, that you need to keep performance in mind.

For me, performance has always been just that: something on my mind, but not usually directly applied. I prefer to pay attention to elegance and the architecture that supports the code. I think, in general, if you pay attention to the architecture and keep things simple, the performance works itself out. You do have to think about performance, but don’t let it compromise the elegance of your code. Once the application is deployed and/or load tested (depending on the flexibility of redeployment), you can fix any performance problems, and sacrifice elegance if it comes down to it.

Security

So, it is tax season and I have been taking care of some housekeeping items with my personal finances. If you have messed around with banks and their online and even telephone access, you have probably noticed that there are some seriously draconian security measures in place these days. In most cases it seems like there is some combination of impossible requirements for the password combined with a requirement that you change it frequently and don’t use a password you have used before.

The end result of all this is that it is impossible to come up with passwords that you can actually remember. With that in mind, you have two choices. You can write down your password (which pretty much destroys the purported security being enforced) or you can call up their support line and have them reset your password each time you need to access whatever obscure service it is they are providing. In other words, the situation is a mess.

Various technical solutions exist for this problem, and sometimes they are used. For example, the place I work uses SecurID for VPN access sometimes. The problem is, they generally cost a lot of money and aren’t standardized. Anyway, I think there’s a lot of opportunity in this field, but I think it would make sense to approach it in an innovative way. Instead of trying to capitalize on it immediately, I think it makes sense to build something everyone can use, maybe making it free, standardized or open source. Once a standard takes hold, then there will be opportunity to provide enhancements for profit.