←back to thread

Against Best Practices

(www.arp242.net)
279 points ingve | 1 comments | 18 Nov 24 07:45 UTC | HN request time: 0.199s | source
Show context
agentultra ◴[18 Nov 24 14:14 UTC] No.42172433[source]
I think the rejection is too strong in this article. The idea of, “best practices,” comes from an established Body of Knowledge. There is one published for software development called the SoftWare Engineering Body of Knowledge or SWEBOK; published by the IEEE.

The author seems to be arguing for nuance: that these “laws,” require context and shouldn’t be applied blindly. I agree.

However they shouldn’t be rejected out of hand either and people recommending them aren’t idiots.

Update: one problem with “best practices,” that I think the article might have unwittingly implied is that most software developers aren’t aware of SWEBOK and are repeating maxims and aphorisms they heard from others. Software development is often powered by folklore and hand waving.

replies(7): >>42172691 #>>42173545 #>>42175036 #>>42175396 #>>42176186 #>>42177350 #>>42178640 #
TehShrike ◴[18 Nov 24 15:53 UTC] No.42173545[source]
I think it is best to strongly reject the idea "best practices will always benefit you".

Most best practices that I have been told about were low local maxima at best, and very harmful at worst.

If someone quotes a best practice to you and can't cite a convincing "why", you should immediately reject it.

It might still be a good idea, but you shouldn't seriously consider it until you hear an actually convincing reason (not a "just so" explanation that skips several steps).

replies(4): >>42173558 #>>42174780 #>>42180100 #>>42185061 #
1. agentultra ◴[19 Nov 24 16:13 UTC] No.42185061[source]
I definitely sympathize with the thrust of the article. I think the reality is somewhere in the middle: best practices are useful short-cuts and people aren't always idiots for suggesting them. I've worked with folks who insist on Postel's law despite security research in recent years that suggest parsers should be strict to prevent langsec attacks, for example. In those cases I would refute leniency...

Although I also do work in fintech and well... card payment systems are messy. The legal framework covers liability for when actors send bad data but your system still has to parse/process/accept those messages. So you need some leniency.

It does drive me up the wall sometimes when people will hand-wave away details and cite maxims or best-practices... but those are usually situations where the details matter a great deal: security, safety, liveness, etc. People generally have the best intentions in these scenarios and I don't fault them for having different experience/knowledge/wisdom that lead them to different conclusions than I do. They're not idiots for suggesting best practices... it's just a nuisance.

That's what I mean about the rejection being too strong. It should be considered that best practices are often useful and helpful. We don't have to re-develop our intuitions from first principles on every project. It would be tedious to do so. But a healthy dose of skepticism should be used... especially when it comes to Postel's Law which has some decent research to suggest avoiding it.