

The Wrong Level of Abstraction - bdfh42
http://www.codinghorror.com/blog/archives/001275.html

======
tptacek
The comments, though. My god, the comments. "Yeah, but how can you _trust_ a
cryptography library? This one time, I used a library to parse email
addresses, and I wound up having to do it myself. It's like with your car, do
you really need the mag-alloy wheels, or shouldn't you just do things right
yourself. Like this one time, I took AES and randomized the S-Boxes so even
the NSA couldn't decrypt it and" --- sorry, I lapsed into comments from Colin
Percival's blog.

~~~
tdavis
Maybe it's just me, perhaps because I didn't understand a damn word in this
article[1], but I've never attempted to implement any sort of cryptographic
functionality myself. Occasionally I'll MD5 something for the sake of
convenience, but it is never meant to secure anything. I don't know why so
many programmers actually write their own code. It's silly. There are people
way smarter than me in basically every programming domain that exists. I'd
rather use their code.

[1] [http://www.daemonology.net/blog/2009-06-11-cryptographic-rig...](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html)

------
geebee
I agree with Jeff's general statement "don't reinvent the wheel, unless you
plan on learning more about wheels" but I think it's important to keep in mind
the costs of going to a higher level of abstraction as well.

Every framework I've used claims to improve productivity, and they _all_ ask
why you'd want to reinvent the wheel rather than use iBatis or Hibernate or
JPA or EJB or Spring or Guice or GWT...

 _Some_ of these frameworks actually deliver on the promise of increased
productivity. Others don't at all. A few do help once I've learned them, but
aren't worth the sunk cost (i.e., they do improve my productivity once I've
sunk 200+ hrs into reading and configuring, but not enough to offset the time
invested).

One reason I like "low level" coding is that I _know_ I can get the job done
in a straightforward manner. It'll take a lot of typing, and it may be
tedious, but so is dumpster diving through log files to figure out why the
"wheel configuration file" isn't finding the "lug nuts" tag, only to then
discover that volvo v90 has only been compatible with the deprecated version
of the hubcap plugin ever since Ford stopped contributing to the "tricked out
rim" facade.

"Trivial" doesn't mean quick and easy, it just means that conceptually, you
can see a path from here to there that doesn't have any serious question
marks. In this sense, reinventing the wheel is often "trivial". Let's not
understate how much time a programmer can lose by trying to make sure he
_doesn't_ lose time by reinventing the wheel.

------
johnm
I love how Atwood's piece (let alone many of the comments) is directly an
example of what he's talking about.

I.e., while many of his points are true, they miss a much more critical
point...

When it comes to security all discussion must start with: "what are your
threat & risk models?"

Without that, all of the rest of the discussion are pointless, delusional,
wastes of time.

~~~
notaddicted
Here is the usual human algorithm for that sort of big question.

a. What should I be worried about?

b. What is everyone else worried about?

c. I'm worried about $b.

------
Oompa
I would've never guessed using a library would be easier than coding the
functionality that the library provides.

~~~
niyazpk
The article is not that bad, compared to the last 5 or so from Jeff.

At least what he is saying is correct this time. And this time the article is
HN worthy IMHO.

~~~
cracki
saying the right stuff isn't HN worthy, IMHO.

saying the right stuff when nobody knows or believes in it, that's HN worthy.

------
sho
_"One of those alternatives would be a full-blown library, perhaps something
like Bouncy Castle, or Keyczar, or cryptlib."_

.. none of which are (easily) usable from Ruby. Would anyone have any
recommendations for the gem of programming languages?

~~~
tptacek
If you can't write Keyczar bindings for Ruby, maybe cryptography is a little
ambitious for you too.

Note: Bouncy Castle is _not_ a recommended high-level crypto library. More
grievous errors are committed in the name of Bouncy Castle than almost
anything but OpenSSL.

~~~
sho
Of course I have the technical ability to write C bindings (or whatever it is)
for $arbitrary_library. Your whole thesis, however, is "crypto is hard, so
don't try to do it yourself", so I asked for suggestions on how _not_ to do it
myself.

And I only mentioned "Bouncy Castle" because it was suggested in the article.

