And Google said, "Let them search code."
Posted by: Erik | From: October 9, 2006
Writing code is all about solving problems. Hard problems. And it's made more difficult by the fact that computers don't understand human language. Not even close. If I wanted a computer to pick-up milk at the store (assuming, of course, that computers could do such a thing), I would start by telling the computer to turn 90 degrees to the right. Then I would instruct it to walk 20 feet to the door. Then... And this sort of thing that would go on and on... A human, however, just has to hear the words, "pick up some milk please," and (presuming the individual is so inclined) they'll travel to the store and return with some milk. If only our computers were as smart as humans. But they aren't. And this means that programmers spend much of their lives telling computers, very literally, what to do.
This pedantic creation of instructions is tedious, and, more to an employer's point, error prone. As it turns out, there are lots of different ways to solve a single problem, and most of these are complete crap. But the quality of a solution isn't apparent for weeks or months. It takes a super experienced/smart programmer to tell the difference right away, and there are only two of them on the planet. But what if there was a way that programmers could search the thousands of source files on the web and get a sense of what works and what doesn't?
Enter Google. While searching code on the web isn't a novel idea, Google does search like nobody's business. And they've done the same thing for code search. Now, programmers have instant access to thousands of documents detailing common approaches to programming problems. Of course, sifting through these documents can be a chore (many contain poor code), but I would still contend that being a programmer today is better than being a programmer one week ago (before Google code search).
Enter the hackers. Many of the crappy ways of programming lead to security problems. Example: It's kind of like if we had programmed a computer to go get milk, but we had forgotten to tell the computer to actually get the milk before it hands over the money. Now, any chump on the street can scam our computer out of its money. Is this a problem? Well, if we're the only ones with the code, then maybe people won't notice that our computer hands out free money. It's kind of a lame strategy to just cross our fingers and hope, but that's what we get for being bad programmers. If, on the other hand, Google has made our code searchable, we're hosed: hackers are going to be searching for "hands out money" AND NOT "demands merchandise", and they're going to get a list of applications that give out money for free. Ours will be on that list, and you can be sure that we're going to be out a lot of money after the Russian/Romanian/Chinese/Brazilian hacking hordes have had their way with our program.
Example. (Possible buffer overflows. From kottke.org)
This work is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.
