Wirth's Revenge - Hacker News

Posted by signa11 2 days ago

201 points | 97 commentspage 3

lo_zamoyski 1 day ago|

Wirth's complaint makes sense when the utility of software remains constant (or degraded) in relation to rising costs of providing that utility. But we must clarify what "cost" means here (and the relevant costs are all ultimately economic costs), because this can explain the contours of why software is written the way it is. We also should clarify "utility".

Economically, something like memory is in the vicinity of 10 orders of magnitude cheaper today relative to 1970 (a). Similar things can be said about processors. This means the incentive to invest costly engineering resources (b) into optimizing software is very low. In terms of energy, a CPU instruction is at least millions of times more energy efficient today (c). That's another big economic disincentive. Furthermore, time spent optimizing is time not spent doing product development (d). A slower product on the market can be better than late market entry.

So we have production costs of hardware (a), production costs of software (as a function of time)(b), energy costs of hardware (c), energy cost of running software (c), and opportunity cost of late market entry (d). There's also the time cost of running software (e).

(a) is cheaper;

(b) depends on your measurement of utility;

(d) means unoptimized software tends to be cheaper;

(e) depends on your measurement of utility;

So (b) and (e) are where Wirthian arguments can focus.

However, AI may yet play a major role in optimizing software. They are already being used in this space.[0]

W.r.t. complexity, one consequence of abstraction is that it further decouples the cost of an operation from the difficulty of implementation. Of course, the two were never identical to begin with. It is easier to implement bubble sort than quick sort, easier still to come up with it when you have no knowledge of sorting algorithms. But greater abstraction is better at concealing computational complexity. The example involving ORMs is a good one. When you have to write SQL by hand, you have a clearer picture of the database operations that will be performed, because the correspondence between the operations and what the database is doing is tighter. ORMs, on the other hand, create an abstraction over SQL that is divorced from the database. Unless the ORM is written in some crafty way that can smartly optimize the generated SQL (and optimizers have their limitations), you can land yourself in exactly the situation the author describes.

W.r.t. learning from LLMs, that is perhaps the better application in many cases, as a kind of sophisticated search engine. The trouble is that people treat LLMs as infallible oracles. Another issue is that people seem not to care about becoming better themselves. You see this with thought experiments where we posit some AI that can do all the thinking and working for us. Many if not most people react as if this makes human beings "obsolete"...which is such a patently absurd and frankly horrifying and obscene notion that it can only be an indictment of our consumerist culture. Obsolete with respect to what? A human life is not defined by economic utility. Human purpose is not instrumental. Even if an AI understood philosophy, science, etc., if I don't understand them, then I don't understand them. I am no better for it when someone or some fictional AI does. I am made no wiser.

[0] https://arxiv.org/abs/2503.15669

miniBill 1 day ago||

Per Betteridge's: no

jongjong 1 day ago||

We haven't yet lost the war against complexity. We would know if we had, because all software would grind to a halt due to errors. We're getting close though; some aspects of software feels deeply dysfunctional; like 2FA and Captcha - They're perfect examples of trying to improve something (security) by adding complexity... And it fails spectacularly... It fails especially hard because those people who made the decision to force these additional hurdles on users are still convinced that they're useful because they have a severely distorted view of the average person's reality. Their trade-off analysis is completely out of whack.

The root problem with 2FA is that the average computer is full of vulnerabilities and cannot be trusted 100% so you need a second device just in case the computer was hacked... But it's not particularly useful because if someone infected your computer with a virus, they can likely also infect your phone the next time you plug it in to your computer to charge it... It's not quite 2-factor... So much hassle for so little security benefit... Especially for the average person who is not a Fortune 500 CEO. Company CEOs have a severely distorted view about how often the average person is targeted by scammers and hackers. Last time someone tried to scam me was 10 years ago... The pain of having to pull up my phone every single day, multiple times per day to type in a code is NOT WORTH the tiny amount of security it adds in my case.

The case of security is particularly pernicious because complexity has an adverse impact on security; so trying to improve security by adding yet more complexity is extremely unwise... Eventually the user loses access to the software altogether. E.g. they forgot their password because they were forced to use some weird characters as part of their password or they downloaded a fake password manager which turned out to be a virus, or they downloaded a legitimate password manager like Lastpass which was hacked because obviously, they'd be a popular target for hackers... Even if everything goes perfectly and the user is so deeply conditioned that they don't mind using a password manager... Their computer may crash one day and they may lose access to all their passwords... Or the company may require them to change their password after 6 month and the password manager misses the update and doesn't know the new password and the user isn't 'approved' to use the 'forgot my password' feature... Or the user forgets their password manager's master password and when they try to recover it via their email, they realize that the password for their email account is inside the password manager... It's INFURIATING!!!

I could probably write the world's most annoying book just listing out all the cascading layers of issues that modern software suffers from. The chapter on security alone would be longer than the entire Lord of the Rings series... And the average reader would probably rather throw themselves into the fiery pits of Mordor than finish reading that chapter... Yet for some bizarre reason, they don't seem to mind EXPERIENCING these exact same cascading failures in their real day-to-day life.

ontouchstart 1 day ago||

If you read that Wirth 1995 paper (A Plea for Lean Software) referenced by the OP, following paragraphs answered your question:

“ To some, complexity equals power

A system’s ease of use always should be a primary goal, but that ease should be based on an underlying concept that makes the use almost intuitive. Increasingly, people seem to misinterpret complexity as sophistication, which is baffling — the incomprehensible should cause suspicion rather than admiration.

Possibly this trend results from a mistaken belief that using a somewhat mysterious device confers an aura of power on the user. (What it does confer is a feeling of helplessness, if not impotence.) Therefore, the lure of complexity as sale incentive is easily understood; complexity promotes customer dependence on the vendor.”

I am typing (no screenshots or copy and paste) this 30 year old wisdom in to reply here as an archived reminder for myself.

sevensor 1 day ago||

I know competent adults whose login flow for most websites is “forgot password.” Might be better off writing your passwords on post it notes at that point.

amatecha 1 day ago|||

I've seen a few sites where the login flow is simply entering your email address and you get a time-limited login link sent to you. You never create any password at all. I was skeptical at first but I've found it seems to work pretty decently.

Attrecomet 1 day ago||

This could not be a more picture perfect example of a Wirth-suboptimal engeneering decision as per the article if it were designed for that. The amount of slowdown to run to the emails, wait for reception, open, copy, paste instead of using the sensible flow of password manager integration is huge. But people will use wasteful processes if they just don't need to change them, so what are you gonna do?

amatecha 47 minutes ago||

well, yeah, I mean a local 2fa code app (or integrated passwd manager as you say) is definitely simpler. the "just enter an email and paste in the code you got emailed" is the most foolproof because people don't lose access to their email nearly as often as they lose their phone (2fa app) or forget their password. /shrug

jongjong 1 day ago|||

Whenever some website asks me to use specific weird characters in my password. I have to write it down on a post-it note and put it in the top drawer of my desk.

The irony is that the websites which require such passwords are often low-importance.

casey2 1 day ago||

It's inevitable even if it's unnecessary. Capitalism necessitates 6% growth year on year. Since IT services are the growth sector of course 25% of power will go to data centers in 2040

The EU should do a radical social restructuring betting on no growth. Perhaps even banning all American tech. A modern Tokugawa.

iberator 1 day ago||

[flagged]

zombot 1 day ago||

Your comment indicates you may be the subject of the following quote: "Those who cannot remember the past are condemned to repeat it."

pseudony 1 day ago||

Have you considered that the article might be fine, but it’s more a case of you not getting the point ?