[LINK] The Ethics (!) of Dodgy Web Designers

Rick Welykochy rick at praxis.com.au
Wed Apr 18 12:44:50 AEST 2007


Karl Auer wrote:

> "If you don't know what DTR is, you shouldn't be allowed to use a
> modem!"
> 
> "If you don't know what one's complement is, you shouldn't be allowed to
> use a microchip!"
> 
> "If you don't know what encapsulation is, you shouldn't be allowed to
> use a compiler!"

There is a stark difference between programming a modem's firmware and
using it as a consumer. The same applies to a microchip. You certainly
don't need to know 1's complement to use the microchip in a consumer
device. But you do need to know that and many other things to program it.
Same goes for a compiler. Use it to cimple all you want, but if you are
a compiler maintainer, you do need to know your stuff.

I think you are mixing two different levels of use here in your examples.



> We are now entering - in fact we are well and truly IN - the age of
> computing for everyone, and such cries are now, as they were then,
> utter, utter bullshit. Truly. People with no idea what atomicity,
> consistency, isolation or durability might be have written, are writing
> and will continue to write useful stuff for you and me to use. The key
> is "useful". If it isn't useful, it won't work, and people won't use it,
> which in turn will drive the authors to do better, but no other
> benchmark is remotely relevant. Of course, giving users viruses or
> whatever definitely counts as "not useful" :-) and may cause the authors
> to be beaten severely about the head and shoulders by way of additional
> incentive to improve. It was ever thus.

It all depends on what the application is and what level of use you are
talking about. Once again, I can "use" a database on a website without
knowing the guts. But I certainly wouldn't be designing and implementing
a transaction-based system without being a DB expert. I've seen far too
fsckups when people who don't know their stuff (being it ACID or whatever)
to conclude anything else.

How many SQL-injection attacks have you heard about lately? They are
caused by kiddies "using" a database in an incorrect fashion.

I could just have easily spouted off about incorrect programming
practices as I did about ACID. There are countless examples in computer
science why the kiddies and amateurs should just stay away from programming
and implementation. Let them stay at the "user" level.

One further example: GIGO. My experience has shown me that far too
many implementers do not even check for garbage input. What ensues
in such applications is complete garbage out, crashes and instability.
Far too much time is spent on writing code quickly and then deploying
it. Conversely not enough is spent on analysis, design and testing.
I say this from experience.


> But *noone* cares what's under the hood except the outraged computer
> literati.
> 
> Right now, perhaps, you need to know about ACID to write a good database
> application. But the tools will get better and eventually you won't. I
> wonder what the cries from the pulpit will be then?

The literati in any field of endeavour will always cry foul when inexperienced
and untrained individuals attempt to do the same level of quality work and
fail, thereby bringing discredit and loathing to their profession.

Your thesis can easily be disproved by negating its converse. Suppose
it is fine that punters with inadequate knowledge of "what's under the
hood" are allowed attempt to implement quality systems, mission critical
applications and security frameworks. Disaster ensues. Encryption is a
very good example. Time and time again, those without the required mathematical
and cryptographic background who invent new encryption schemes fail. Their
peers discover flaws almost immediately.

I am hardly outraged. Simply passionate about my field of work and pissed
off by incompetence.


cheers
rickw


-- 
_________________________________
Rick Welykochy || Praxis Services

Windows accelerator: G*m1*m2/r^2
     -- with apologies to John Clear



More information about the Link mailing list