Geekonomics — Don’t let the cute title fool you; this is serious stuff

Every once in a while I encounter someone’s work whose sanity of argument, integrity of passion, and elegance of expression convinces me in an instant that I have found a comrade. Recently reading the new book Geekonomics by David Rice was such an encounter.

Rice is a prophet, and like most true prophets, what he is saying is something you won’t like hearing. Geekonomics warns against the dangers of software. That’s right—software—which we rely upon every day to a rapidly increasing degree. Rice is no crackpot or self-proclaimed guru looking to make a quick buck with this book. His warnings are akin to those of Alan Cooper in The Inmates are Running the Asylum and my own as well. While Cooper and I rail against software’s inexcusable dysfunctionality, however, Rice points out very real dangers that threaten the world. Most software is bad, not just because it is much harder to use and far less effective than it ought to be; it is also insecure, which invites danger. The more we rely on software, the more vulnerable we are to the whims of those who would do harm.

Earlier this year, the country of Estonia, “the most wired nation in Europe,” was crippled for more than two weeks by cyber attacks that were launched by Russian hackers. These attacks so overwhelmed Estonia that its leaders had no choice but to sever the country’s connection to the Internet, and “with it the country’s economic and communications lifeline to the rest of the world” (from the preface of Geekonomics, David Rice, published by Addison-Wesley, 2007). Why was Estonia attacked? “The Russian government objected to Estonia’s removal of a Soviet-era war memorial from the center of its capital, Tallinn, to a military cemetery.” By becoming well wired, Estonia had inadvertently become highly vulnerable to attack. Why? Because it relied on an infrastructure—software—that was insecure.

Geekonomics does not address data visualization in particular, which is the focus of this blog, this entire website, and my work. Rather, it explains the fundamental reasons why software of all types usually fails to deliver what we need, especially security, and the threat that this failure invites. The dangers that Rice describes are on the scale of global warming. Did this statement get your attention? Good, because it’s true, and the magnitude and imminence of this problem deserve your attention. Just like the threat of global warming, we dare not ignore the threat of insecure software, because software has become the infrastructure of the modern world.

Rather than saying more about this book, I’ll let it speak for itself by including a couple of quotes, which should whet your appetite. I’ll begin with Rice’s synopsis of the book’s arguments.

There are three primary themes in Geekonomics:

  • First, software is becoming the foundation of modern civilization; software constitutes or will control the products, services, and infrastructure people will rely on for a wide variety of daily activities from the vital to the trivial.
  • Second, software is not sufficiently engineered at this time to fulfill the role of “foundation.” The information infrastructure is the only part of national infrastructure that is destructively tested while in use; that is, software is shipped containing both known and unknown weaknesses that software buyers are made aware of and must fix only after installation…The consequences are already becoming apparent and augur ill for us all.
  • Third, important economic, legal, and regulatory incentives that could improve software quality, reliability, and security are not only missing, but the market incentives that do exist are perverted, ineffectual, or distorted. Change the incentives and the story and effects of insecure software change also.

Rather than fixing the problems in their software, most vendors spend their time cramming new features as quickly as possible into each release—new features that are rarely used.

So why, then, would software vendors provide an increasing and ever more fantastic array of features in applications when it is clear that users do not use newer features, and additional features tend to promote the very unreliability that keeps users from enjoying new features in the first place?

Compared to sufficient testing and proper security development practices, features are much less expensive to implement and provide an easier method for users to differentiate products even if newer features are not employed in practice. From a business perspective, even if features are irrelevant to a purchaser from a functionality perspective, features are not irrelevant to the software vendors where it counts most: the point of sale.

For the copious time and effort consumers spend comparing one list of features against another, the software vendor understands that the number of features matters more than anything of true consequence, whether quality, reliability, and/or security.

Geekonomics is not only an important book, it is also a good book. Rice is smart and thoughtful, and he knows how to write. If you rely on software (and who doesn’t?), you should read this book. If you produce software, you should read this book. You might not like what you read, but you need to hear it, and we all need to do something about it.

Take care,

7 Comments on “Geekonomics — Don’t let the cute title fool you; this is serious stuff”


By Robert. December 13th, 2007 at 12:19 pm

A-men!

Also, sounds like this Geekonomics book is a much better book than the similarly-named ‘Freakonomics’ (freakonomics was very repetitive, with only a few tidbits of thought-inspiring prose, in my opinion). I’ll have to give this Geekonomics book a read-through…

Move over Oprah! - Stephen Few is recommending books now! ;)

By KC. December 13th, 2007 at 12:37 pm

One constraint on our ability to apply pressure to vendors is their conspiracy to only provide monolithic stacks of infested code. If I could micro-pay for functionality that worked and provide feedback when it didn’t then it would likely change the cost equation for adding new features. EBay SOA anyone?

By Tony. December 13th, 2007 at 1:33 pm

Sounds like a good argument for open-source! With open-source you are more apt to get innovation and useful/logical features. Open-source also typically provides increased security and reliability with low overhead.

By Stephen Few. December 13th, 2007 at 2:43 pm

Tony,

Actually, this turns out to not be the case, according to Rice. He dedicates an entire chapter to open source software and shows that open source software, despite the good intentions, probably presents more risk than commercial software. You ought to read the book and let us know what you think of Rice’s arguments after you’ve had a chance to consider them.

By Tony. December 13th, 2007 at 3:19 pm

Very interesting… I will have to pick it up. Perhaps a little stocking stuffer from “Santa” (a.k.a Amazon).

Thanks for sharing!

By Sheetal. December 13th, 2007 at 5:25 pm

Thanks Stephen
Security of systems and data are usually very high on people’s checklist of things to ensure. Then with day to day distractions many people can easily overlook this issue.

Your point exactly …

it explains the fundamental reasons why software of all types usually fails to deliver what we need, especially security.

PS. We saw you in Sydney thanks again!

By Andrew. December 14th, 2007 at 10:53 pm

The most disturbing example I can think of is the MS *.doc format (from Word) which still remains seriously flawed.

Given the huge numbers of Word users out there and the years Word has been in development, it strikes me as almost criminal that the basic format specs have never been cleaned up and fully revised. It also makes it very difficult for other developers to create alternative Office Suites that support MS formats. Sun have done a more than decent job with Open Office as have German company SoftMaker.

As an IT consultant I speak with graphics, accounts people, legal secretaries about this every week. These people are under pressure to put together well presented documents that are easy to read and that often carry a mix of detailed technical information, charts, images and diagrams. The bigger the document, the more hell it is. These are all advanced users with years of experience in DTP.

If the future is “civilisation-as-software” we’d agree that text based formats are a big part of this foundation. We have to get that right. DTP is now a central part of any business, academic and government enterprises (which links us back to data visualization and the “how” of presenting complex information in clear fashion).

To me, the *.doc format saga is just one of innumerable examples of crap / unfocused design methodology and extremely poor ethics.

There ends my rant.

On a positive note there are many developers - especially in Open Source - now who are very conscious of creating the best balance possible between “system-friendly” and “user-happiness”. A wonderful thing to see.

One example of well designed specialist software format is from Bentley CAD Microstation used by architects and civil engineers. Bentley did something very smart. They made sure their file formats were bullet proof and forward / backwards compatible. One shining example that really deserves the moniker of “software engineering”.

This looks like a great book. I’m sure a few more like this will surface in the coming year.