[LINK] The Ethics (!) of Dodgy Web Designers

Adrian Chadd adrian at creative.net.au
Wed Apr 18 13:26:11 AEST 2007


On Wed, Apr 18, 2007, Karl Auer wrote:

> benchmark is remotely relevant. Of course, giving users viruses or
> whatever definitely counts as "not useful" :-) and may cause the authors
> to be beaten severely about the head and shoulders by way of additional
> incentive to improve. It was ever thus.

The trouble? This doesn't happen. Somehow software became a completely
separate entity from all other engineering-type vocations in the early
80s and stayed that way.

> But *no one* cares what's under the hood except the outraged computer
> literati.
> 
> Right now, perhaps, you need to know about ACID to write a good database
> application. But the tools will get better and eventually you won't. I
> wonder what the cries from the pulpit will be then?

I think you're partially on the right track. The trouble is that the entry
barrier is so low to writing software and this has good points (proliferation
of some pretty damned nifty applications by people with ideas and a little computer
clue, versus proliferation of pretty nifty technology by people who are brilliant
but perhaps not so people-focused) and bad points (ie, people using said software
and suddenly finding their personal financial data in the hands of Russian
Crime Syndicates.)

Me, I'd love to see software treated like physical infrastructure - the
company can't just shake liability like Microsoft, et al do. You make something
for paid income? You provide functionality guarantees. That might make some
actual -useful- tools appear for software design rather than the horrible
hodge-podge of semi-"managed" code that people still churn out.

(Anecdote which makes me giggle when I hear people talk about 'secure' software
environments: who remembers Perl taint mode and its usefulness for writing SUID
and CGI scripts? Who remembers all those people who wrote "secure" Perl by
simply passing user data through a null regexp that made the data untainted
without bothering to check the actual input was valid at all? There's always
someone very, very lazy who is interested in money and time over correctness
and security.)



Adrian
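
The untainting shortcut from the anecdote above, next to untainting done as a side effect of validation. This is an added example, not part of the original message; the function names, the file-name allowlist and the sample inputs are assumptions made for illustration. Run it as `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post. Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: appending it taints the constructed samples
# below, standing in for CGI parameters or command-line arguments.
my $TAINT = substr($^X, 0, 0);

# The lazy pattern from the anecdote: a regexp that matches anything.
# The capture comes back untainted, but nothing about the value was checked.
sub untaint_blindly {
    my ($value) = @_;
    my ($clean) = $value =~ /\A(.*)\z/s;
    return $clean;
}

# Untainting tied to validation: the capture only succeeds when the whole
# value fits an allowlist (hypothetical rule: a short file name made of
# letters, digits, underscore, dot and hyphen, with no leading dot).
sub untaint_filename {
    my ($value) = @_;
    my ($clean) = $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return $clean;    # undef when the input is rejected
}

# Constructed sample inputs.
for my $sample ('report-2007.txt', '../outside.txt', 'notes.txt|more') {
    my $input   = $sample . $TAINT;
    my $blind   = untaint_blindly($input);
    my $checked = untaint_filename($input);
    printf "%-18s input tainted=%d  blind result tainted=%d  checked: %s\n",
        "'$sample'",
        tainted($input) ? 1 : 0,
        tainted($blind) ? 1 : 0,
        defined $checked ? "accepted '$checked'" : 'rejected';
}
```

Taint mode only tracks whether a value passed through a regexp capture, not whether the regexp constrained it, so both functions clear the taint flag; only the second one refuses input that does not fit the expected shape.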



