Software Sprezzatura


Sprezzatura is “a certain nonchalance, so as to conceal all art and make whatever one does or says appear to be without effort and almost without any thought about it”, coined by Castiglione in 1528’s The Book of the Courtier.

This art of practiced effortlessness has a home in software development, especially when it comes to user experience. There are some tools that I use daily that have a seemingly effortless interface, and some that elicit an audible sigh when I interact with them.

Engineers, security analysts, support agents and more are often faced with tools that have been built “for internal use”. Many folks who read this are probably familiar with the type: administrator dashboards that end up looking something like this:

an example of a rough-and-ready internal admin UI

This does not exude nonchalance, and certainly doesn’t conceal the inner workings of the backing software – it is barely more than a visual version of an INSERT statement. However, this type of interface is powerful – being “close to the metal” as it were gives control that higher abstractions may not necessarily have.

I personally loathe these interfaces. Groups who are faced with these types of tools typically already have a significant amount of cognitive load that they have to juggle, and by presenting an interface like this (be it a web UI, CLI interface or even a labyrinthian set of GraphQL mutations), they must further think about how they interact with the system before revisiting why they are interacting with that system in the first place.

And so we return to sprezzatura.

The best user experiences I’ve had have exuded this characteristic, and it should be seen as a goal. Full warning: I’m about to gush about Heroku’s way of doing things, and at the time of writing Salesforce pays my salary.

Say you have a git repository with your Rails app ready to go. Deploying this is as simple as this:

$ heroku apps:create yet-another-cool-app
heroku apps:create yet-another-cool-app
Creating ⬢ yet-another-cool-app... done |

$ git push heroku master
# [snip]
remote: -----> Launching...
remote:        Released v6
remote: deployed to Heroku
remote: Verifying deploy... done.
 * [new branch]      master -> master

$ heroku run "rails db:migrate" -a yet-another-cool-app
# [snip]

In that process, we created a containerised deployment of our Rails app, Heroku automatically started our web server, puma, created a free Postgres database, and wired everything up. Routing, load balancing, migrating to new hosts and so on are all taken care of.

This is sprezzatura, nonchalantly handling a deeply complex process and leaving you with the feeling “how do they make it so easy?” Deeply understanding the rules and expectations, and breaking them to great effect.

Effortless, almost without thought, yet accomplishes what you want and is almost charming in the simplicity.

I recall a talk by Sarah Allen about making software fun, where a state of “relaxed alertness” is promoted (sometimes known as play), and enabled by knowing your users and using what they know.

In the Heroku app creation example, developers are often familiar with CLI interfaces and git, so why complicate it?

In security, we often have tools that do not promote play, or exhibit sprezzatura. You only need to take one look at how to write a Zeek script, or work with the sometimes Byzantine AWS SDK to get a sense of how un-pleasant such interfaces can be. These types of interfaces can quickly sap enthusiasm, drive and creativity from whatever work had the misfortune of requiring them.

As developers, we owe it to our users to provide experiences that abstract away the complexity without giving up too much in the way of power.

As users, we owe it to developers to challenge them to keep their bar high and deliver interfaces that express that casualness, that playfulness.

We owe it to ourselves to be courted by tools that exude Castiglione’s studied carelessness, that certain sprezzatura.