RE: Principle of Least Power, "Motherhood and Apple Pie"

Len Bullard writes:

> we know it was all for the sake of simplicity so
> the codeheads whose brave, valiant fearless
> efforts to make the world safer for stealing
> (ooops... sharing) photos, songs, code, and cold
> pizza could maybe get just a little more egoboo.

> I can stand the design lectures, but Dan, take the
> credit and accept the blame.

I think that tying these concerns to the Principle of Least Power (PLP) is 
really unfair.  If some of the design points of the Web or the Internet 
prove to be overly simplistic to serve their appopriate role in society, 
that is or would be a very serious concern.  It's a reasonable one to 
raise, given the tremendous importance of the Web in our lives.   I don't 
think it undercuts PLP at all.

In [1] Tim explains the PLP:

        "Computer Science in the 1960s to 80s spent 
         a lot of effort making languages which were 
         as powerful as possible. Nowadays we have 
         to appreciate the reasons for picking not the 
         most powerful solution but the least powerful. 
         The reason for this is that the less powerful the 
         language, the more you can do with the data stored 
         in that language."

First of all, I read this as talking directly about languages, and only 
indirectly about whole systems,  though I'd argue that the good advice 
applies somewhat to both. 

More importantly, it talks about designing "solutions" which means, 
somethat that really does meet your needs, security and all.   I don't see 
anything here that says:  design for simplicity even if the result doesn't 
have the characteristics you need.   It says, when two languages both 
provide "solutions" to your problem, choose the less powerful of the two. 
Declarative languages are preferred to imperative, and so on.  Years of 
experience suggests that this is excellent advice.

Even with respect to the concerns you raise, I think the principle offers 
useful advice.  If the architecture of the web were 100x more complex and 
powerful, then there's every chance that we'd have ever so much more 
trouble reasoning about what its security characteristics are.  You might 
not be able to tell whether your pizza was vulnerable to theft, because 
the whole thing would be too complex to grok.  Again: I don't think 
anyone's arguing for building naively simple systems. 

I suppose it's true that those who value simplicity maybe more at risk of 
designing inappropriately simple systems, and maybe that's the underlying 
point of your concern.  That's at best a more subtle issue, and I don't 
think it merits the sort of ascerbic attack that you sent to Dan.  I think 
we're all on the same side here, trying to do the right thing.

Noah

[1] http://www.w3.org/DesignIssues/Principles.html#PLP

--------------------------------------
Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------

Received on Tuesday, 2 August 2005 21:50:32 UTC