[LINK] The Ethics (!) of Dodgy Web Designers

Rick Welykochy rick at praxis.com.au
Tue Apr 17 15:04:47 AEST 2007


Stilgherrian wrote:

> Is it ethical for a "web design" firm to say they can deliver "online
> applications" even after their programmer leaves? When the programmer
> delivers code that contains basic security flaws, but they seem unconcerned?

No, it is not ethical. But ethics and the law are two different beasts.

I would think that the best thing to do is rely on the law of torts
through contract law. Put your requirements clearly into a contract.
The specification can include such things as security issues, maintainability
and standards of programming. Then don't pay up, or seek redress, if necessary.

Every contract I have been asked to sign as a web services provider
includes lots of detail as to the requirements and expectations of
the deliverables. If such a contract cannot be drawn up and agreed
upon, you are dealing with incompetent fly-by-nighters.


> What about when a client pressures me to do a "rush job" building a website
> in Dreamweaver (end client requirement for maintenance), a tool I've never
> used, even though I've told them this is a bad idea because I won't know
> "best practices"?

IMHO, Dreamweaver and its ilk are "worst practice" since they dumb down the
web designer to the point of not understanding HTML, Javascript, programming
standards and the underlying infrastructure. It's like attempting to do
mathematics without understanding the axioms upon which it is based.

It surprises me these days how many web designers and so-called systems
people do not even know or understand the magic of numbers like the
following, which crop up all the time in computing especially at times
of stressed and overloaded systems:

127     7-bit max
128     7-bit overflow, same as -128 in 8-bit 2's comp

255     8-bit max
256     8-bit overflow: careful!

65535   16-bit max

etc. etc.

These numbers just pop out at me, and are very relevant when analysing
errors, core dumps, etc.


> I've written more about these issues on my blog...
> 
>     http://stilgherrian.com/internet/dodgy_web_designers/

You mention Contribute. Correct me if I am wrong, but I believe it is
simply a sophisticated no-brainer HTML web editor system that also allows
for dragging and dropping your website from local to remote.

So, FTP and HTML have been dumbed down to being "non existent". This is
NOT a good thing, IMHO.

I have watched a friend use Contribute (or whatever it was)
to update his website. He knows no HTML and does not understand FTP. He
was editing a website that used ASP (urgh) and a bit of Flash. Contribute
allowed him to update some tables of information. After many updates over
the months, the HTML started acting up.

I had a look at the HTML source and what a farkin' mess! Tables with cells
within tables, nested to a ridiculous degree. The whole page he was
working on broke and became practically impossible to fix. So the sorry
story goes. Not knowing the underlying HTML made it impossible to see
that (a) there was a serious problem with the automated code generation and
(b) how to fix it.

And don't get me started on automated code generators for Javascript and
AJAX. Therein lies insanity, insecurity and maintenance headaches.

Like yourself, I code in POH (Plain Old HTML) with some templates, avoiding
Javascript unless absolutely necessary. I have never required AJAX services
yet, and fear the day I do. It is hard enough writing secure HTML + JS that
renders properly on all popular browsers. And if you avoid JS as much as possible,
there are far fewer client-side attacks to concern yourself with. That then
leaves the coder the task of maintaining a secure server and focusing on
that instead of all the variations on the client side.

Returning to your blog entry. Yup, I agree with what you have written. There
are far too many untrained and unskilled web monkeys out there churning out
crap websites.

Heaven knows how far accreditation and industry vetting would get us.
Just look at MCSE.

And in your first example, it is plain wrong to eschew accepting any blame
for bad programming and insecure pages just because they had a staffing
problem. What, do they expect you, the customer, to wear that burden?

cheers
rickw


-- 
_________________________________
Rick Welykochy || Praxis Services

Windows accelerator: G*m1*m2/r^2
     -- with apologies to John Clear


