Code is Ethics: Part II

Digital FootprintEthical guidelines for software developers exist. Code is effectively a regulatory construct (Lessig). The ethics that build the code define the ethics in an ever increasing technological world. This was covered in Part I.

In today's world, code is increasingly re-used. This reduces the amount of time it takes to develop software. Production environments have morphed from, "Press Play On Tape" to complex interdependent systems. A bug in any part of the interdependent system can bring down the entire server.

A developer who writes a piece of code doesn't really know how it will be used. All that developer can do is trust that the code is used for the right reasons.


From the Headlines: Wordpress Compromised.

Hundreds of thousands of Wordpress sites that weren't updated were compromised in December of 2014. Now consider this quote:

...Now it seems that websites running a third-party plug-in called Slider Revolution are being hacked, and malicious code is being installed that will in turn infect those who visit the website. The developers of the plug-in, ThemePunch, have admitted that they knew about the vulnerability in February this year but kept quiet about it...

Horrid, right? Not really. Themepunch did know about it and patched it within hours (emphasis mine):

In september 2014 the internet security company “Sucuri” released an article about a critical vulnerability in our “Slider Revolution Responsive WordPress Plugin”.

As our plugin is widely used on millions of wordpress sites throughout the web, the problem needed to be tackled as soon as possible.

Our decision to keep the update relatively “silent” (only a “security fix” text was put into our update list) was based on our fear that an instant public announcement would spark a mass exploitation of the issue.

We had the hope that in time (29 updates between february version 4.2 to september version 4.6) most users of Revolution Slider would update their plugin installations to close the security hole. Sadly that was not the case...

ThemePunch had acknowledged and fixed the error, and quietly put a fix out. From an ethical standpoint, they did everything that they could and with 29 updates since, it's easy to see where the fault lies - with those that didn't update their sites.

So, while good code ethics were practiced, the end result was not pleasant. The harsh reality is that we software developers have to be careful to know how the software will be used, and yes, this includes updates. For the record, Wordpress has made it possible to update automatically - but as Brian Lewis's blog entry and comments point out (in the context of asking about auto updates for Drupal), new problems can arise because of automatic updates, particularly in customized complex environments.

And the phrase 'customized complex environments' covers just about every website out there. So now we're beyond just writing the code, we're into supporting the code through it's software life cycle -  a life cycle that typically ends when the software is no longer supported. Software is no longer supported either because it has become antiquated by competing software, upgrades in hardware or when the business model can no longer bear the cost of the software. Since I picked on Wordpress above, I should note that Drupal major versions are no longer supported when the new version competes with the old one because... oh, I don't know that there is a good excuse.

So now we're into the ethics related to code, but more related to the configuration - partly software configuration management, but also server administration - making sure that all the things that a piece of code depends on simply don't break.

In fact, if you really consider all the issues, it's a wonder that the Internet hasn't fallen apart yet.

The Internet hasn't fallen apart

The reason that our beloved world wide web hasn't fallen apart is because of the ethics of those involved. Professionalism. Reputation. Trust. There are a lot of great people who keep things working right, cogs in a digital machine that some consider to be mankind's masterpiece.

From the folks at the server farms that host the code to the person making sure that the software is up to date, there's a constant buzz of things happening. Sure, code is a de facto regulatory framework for how we communicate and store information, but that code is built and maintained on the professionalism of the people involved - it's built on ethics. 

That's why code is ethics. Code is a living, breathing creation that is written based on the implicit ethics of anyone involved and supported in the same way. It embodies what we are willing to do and it denies what we are unwilling to do.

Code defines what we are capable of based on who we are.

It's a wonderful and horrible thing to consider.

Code is Ethics: Part I

Ethics and Morals: Timeless and Universal?It's long past time that there was a discussion on Ethics within the context of software development, particularly since it is no longer the isolated area of expertise that it was prior to, and in the early stages of, the Internet.

Back in 1999, Lawrence Lessig wrote a great book that was revised in 2006: 'Code: And Other Laws of Cyberspace, Version 2.0'. Within the covers, the point was made that code is, in and of itself, a regulatory instrument of the Internet. If you're unfamiliar with it, you can read Lessig's article on it in Harvard Magazine.

Of course, code does regulate how things are done - more so than most people would like to think. Examples of it include what posts you see on Facebook and your search results on Google when you log in (you can log out to bypass it). What you see is 'regulated' - effectively censoring under the guise of giving you what you want. I'm sure that there's a semantic difference someone would wish to argue, but by determining what should be viewed by people you do have de facto censorship. 

As I have said and written many times in the past, Law is supposed to be built on Ethics. What ethics are involved in software development? To people who have taught themselves or who went through some short course, the concept of ethics in Software Development might be alien - but there are ethics. In fact, the ACM has published and maintained a Software Engineering Code of Ethics and Professional Practice - and for those who understand the underlying philosophies of Free Software and Open Source. 

So there are ethical standards when it comes to software development. They just got more complicated because software itself got more complicated as the personal computer era became the Internet era.

Windows: SFTP: Remember Filezilla

Ftp. Next will be httpAn email from a former student at The University of the West Indies School of Continuing Studies made me chuckle, since they were having the same problem I recently had. My Linux machine was down, so I was working from Windows 7 (yeah, I know). 

Myself and an IT Manager were going crazy trying to figure out why, on a particular server, we could log in to CPanel and change files one at a time, but when we tried to automate using SFTP with WinSCP, we were getting 'permission denied' errors. As far as we could tell, there was nothing wrong with the server itself. The issue was a Permission Denied (3) error, and as you can tell from the link, it's been reported off and on for about 8 years.

<InstructorHat>When you are using a tool and getting unexpected results, try a different tool</InstructorHat>

I logged in with trusty Filezilla and had no issues. Try it if you're in the suck - or find a Linux/OS X machine and try it. The issue, which apparently isn't that common (or I'm sure they would have fixed it. WinSCP is a great tool that normally works fine), shouldn't be a setback during a project. 

Of course, when downloading Filezilla, make sure you don't get one of the Adware bundles of it. It's unfortunate that to make a living developers sometimes resort to adware. There's a bigger problem in Free Software/Open Source where many don't donate for the software they do use, which is a philosophical and economical debate I've seen both sides of and I'm sick of. We all do what we must to eat.