Slashdot Mirror
First, Do No Harm - A Hippocratic Oath for Coders?
rhysweatherley asks: "With the increase in spyware, spam, etc, is it time for a Hippocratic Oath for Programmers? Should programmers be able to refuse to write code that harms the public more than it helps? Should they code defensively to prevent software and information being misused for unintended purposes? And how do we protect such programmers from being dismissed unfairly for standing on principle?"
This is the classic dilema with all technology, which can be used equally to promote good as well as well as evil. Encryption software enables privacy for bad guys as well as good, just like guns protect people indescriminately. While it's a good idea in a perfect world, it can't be done. Its a variant of the old 'guns don't kill, people do'.
The concept of a hippocratic oath is important when you consider that surgery is one human life "playing god", or in a strong position of power over another. How can be there be such a relationship in programming?
There are two ways to look at thist:
a. There are commercial software applications that are going to be used in life threatening applications. Medical software is a growing industry. As soon as someone dies as a result of your medical software, or even when a doctor was using it, expect a lawsuit. The standard threats of legality and fear of punishment are the motivators when writing software for that kind of industry. Therefore, in the commercial world, it is (in the most part, and especially in code with a more serious use than KaZaA) self regulating.
b. Software, being the way that it is, is very easy to modify -- sometimes for better, sometimes for worse. Any kid can take an open source program, hack in their own viral segment, and then release it. While forking isn't that bad a problem in the OSS community, and in some cases is a very good thing, if Windows ever got publically open-sourced I know that hundreds of kids would go through and change every occurence of "Microsoft Windows" to "my l33t h4x0r cl0n3 0s" in the source code. Hell, I hex-edited command.com back in the day for a laugh. But I didn't know enough to do anything but change strings.
That's the clincher - only people that know what they are doing can become a registered medical practitioner, as opposed to any 12 year old who can be a "software programmmer." I propose a simple return to the Internet of a few years back, where you had to be relatively smart, but not a rocket scientist, to get online. There were no "Compile, link and run this downloaded code" buttons in flash IDEs. I hope that the development of Internet2, or whatever it turns out to be, means that we can return to a bit more geek-academic-centric network, instead of an advertising and pr0n festival.
If it wasn't for the kids hacking code that started through a vanity desire, we wouldn't have half the cool technologies OSS has today. You have to put up with the good and the bad, and filter through it. For every Brilliant Digital there will be a Lavasoft protecting us, eventually.
Read it
they'd just fire you and hire someone else. If you are unwilling especialy now there will be 10 other people willing to do it and take your job if you aren't.
You're missing the point. First of all, I don't think there's 91% unemployment among software developers. Secondly, if there was any kind of organization among programmers independent of the employer then the employer would have a hard time bringing down this type of action.
I don't think a "union" would occur, but I wouldn't be surprised if a professional organization of ethical programmers would arise. I would imagine members could fetch a better salary, especially if there was some competency requirement, as doctors have the Medical Board exams.
It would hurt the self made programmer, but I would certainly rather see that type of accreditation than what we have today: MCSE, MCSA, etc...
My Karma was at 49, then they switched to words. All that work for nothing!
I thought that coders worked for the boss?
Seriously. How would your boss like it if he found out that you wouldn't add a feature like banner ads on an ICQ window because you took some kind of oath? I realize that the question asked in the submission, probably doesn't include things like this, but still.
Don't get me wrong, we shouldn't be supporting companies that like to sneak porn into children's software and other extreme similar companies, but for the most part we shouldn't need an oath.
testing out my trending skills
Are there already Malpractice suits for coding? I wouldn't imagine so, considering the you're-screwed-if-we-mess-up-attitude of the EULAs you have to accept when installing software. If there were a hippocratic oath, though, do you think that would change it so they ARE responsible? Then there'd probably be LOTS of "malpractice" type lawsuits from anyone who manages to make the software cause some sort of harm to their computer. I bet there would be a lot of people TRYING to make it do that..
I understand that life's not fair, just why is it never unfair in my favor?
How can you even QUESTION for a moment commiting to the oath? I can't believe you all. "If I don't do evil, somebody else will."
What the hell kind of justification is that? Are you a machine or a person?
I quit my job when I was told to change the privacy policy statement on our web page. Were we going to notify people? Yeah, eventually they did- opt out policy, of course.
Check this out- they decided they wanted to sell as much personal information as possible. But they had to get peoples "consent". So they sent out two test 'notification' messages, one allowing people to opt-in, and one allowing people to opt-out, 5,000 people each. In both cases, they got only 5% response, either from people saying "yes, it's okay" or "no, it's not okay (FUCK YOU WE HATE YOU NOW)". I remember the Customer Service ladies joking about the hate mail we got back, as if these people were loonies for not wanting us to do this. (Oh yes, btw- we were truste approved..) When they found what everyone already knew- that people didn't respond either way, they said, "Oh, well, we'll just do opt-out", and sent out the notification. We got a lot of angry email after that, but it changed nothing.
I argued with my PM, who relayed my "concern" to our CTO. The CTO is an aristocrat and sees the wealthy as the custodians of society. It's right for him to do this, because the money will be used towards "proper" ends.
I left the company.
I shun all those who remained.
I shun all of the PMs who sat back and made up justifications for their transgressions. I shun the CTO's and investors who view themselves as the managers of the world.
Always have a back-up store of money, so that you aren't tempted to do evil in order to live.
Pussies who say that capitalism is good, but then violate the Golden Rule ("They're slackers anyways; They should read the contracts more carefully") drive me up the wall. Coworkers that claim that "If I don't, someone else will" drive me up the wall. The folks making the decisions saw it as their duty to guide the human race; They were manipulating people for their own good, and the sake of progress.
Fucking bastards.
Bee Ay eS Tee Ay aRe Dee eSs.
BASTARDS!
Shame on you!
True enough, so let's get to the real meat of the issue.
<P>
Doctors take this oath, and follow other rules, as part of being a <b>certified</b> profession. To be a certified profession means there is a governing body, and often the government, which defines whether you are a doctor or not, and defines whether you can practice medicine.
<P>
Certification makes sense in a very limited set of professions where the practicioner will be doing something life-critical like cutting you open, or defending your freedom in court, or designing a bridge for you -- and just as importantly, in cases where you have a consulting relationship with the professional rather than an employment one.
<P>
If you're going to trust somebody you barely know with your life for a short-term contract, you bet you want some external means of certifying that they are capable of the job.
<P>
But with a very few exceptions, programming and sysadmin are not like this. THere are of course many consultants, but most are actually employees. Instead of the government defining who is a programmer, the employer decides who they want to hire.
<P>
What would an oath for programmers mean? Would there be a certifying body checking things? Would it get to define who was a programmer? Would somebody not be allowed to be a programmer if they didn't take the oath?
<P>
That's not what we want.
Has it been over a year since you last donated to the Electronic Frontier Foundation
The Geek Oath would be even worse off when it comes to gray areas. For example:
I used to work at a (now defunct, like the rest of 'em) dot-com. Our software was, by most definitions, spyware: If you downloaded and installed our software, it would keep track of what you listened to (via pretty much any media player -- we had the top twelve or so covered by the end) and send that info to our servers, which would respond with a wealth of information -- current news, tour dates in your area if you so chose, new releases, etc. The longer you listened, the more information you would get -- "Oh, I realize you're not listening to Radiohead right now, but by the way they've got an album coming out..."
Now: a) We never attempted to sneak onto someone's system; b) We made the uninstall as painless and obvious as possible; c) We never hid the fact that we were sending back listening statistics. But still, we *were* monitoring what you were listening to.
So would I have been in violation of this theoretical Geek Oath?
(Save your flames and your "I'd never!"s -- fact is, a lot of people did, myself included. It just Didn't Work Out, but our management handled the end -- once it was obvious that it was inevitable -- very well.)
Hey, i'm an MCSE, that means i'm a programmer? cool! But seriously, folks...... I left a job over ethics last may. aside from a few consultations, mini-contracts, no more than say 1 month worth, i've been out of work for about a year now. Looking back on things from the unemployed, about to be bankrupt perspective, I have to say I would kinda like the idea of a professional ethics org of some sort for IT pro's. Would I still have left the position if I had known then what I know now? Yup. just 6 months sooner, and with a LOT more fireworks. If you are going to get blackballed by the cat herders for leaving quietly, why leave quietly?
Why, yes, I AM a Pagan Libertarian.
The basic idea behind the ACM code of ethics, which was first developed in the 1960's (but has been amended many times since) is to avoid being specific or definitive in any way. There are good reasons for this that were published in an ACM paper titled "Rules for Ethics in Information Processing", by Donn B. Parker in the ACM journal for March, 1968, describing the reasons that the code of ethics was designed how it is.
If you look at the code of ethics carefully, there are virtually no declarations in the entire thing that state "thou shalt not" or "thou shalt". If there's anything that says that, it puts the judgement of what it means on the member themselves.
When it comes down to it, the code of ethics is more of a requirement that ACM members use their common sense and do what they truly believe is right and ethical in a way that is within reason acceptable to society. Every single person has their own idea of what is ethical, and the boundaries are very fuzzy. As soon as you start drawing lines, you create as many problems as you solve.
It has been used in the past to kick people out of the organisation. I think one of the first times it was used was to dismiss a member who'd put workarounds in some banking software so that his own account had certain financial advantages over everyone else's... or something similar. He was put before a committee representing ACM, he couldn't ethicly justify what he'd done in a way that satisfied the committee, and so he was thrown out.
The ACM paper above is a good read about why it isn't a good idea to have a strict code of ethics. Personally I think the ACM approach is a good way to do it.
"I took an oath to do no harm through code!"
"How fascinating... you're fired!"
But what am I thinking... don't the MBAs take a similar oath?
Why don't you put your money where your mouth is and try doing a search on monster or dice. When I last did a search to see what was out there, it showed 24 jobs in my area.(Atlanta, GA population 4 million). This was for any job with C, C++ or COM in the description. Most of these jobs were looking for sennior engineers or those with a very specific skillset. It's not much better for other langauges such as java, PERL, etc. I think you need to get a clue, even in 1999, when the economy was strong, employers were very picky about who they hired. There was and never has been an IT labor shortage. That was just some crap drummed up to allow the importation of H1B Visas, in order to further drive down the salaries of engineers.
There are several rules of Software Engineering.
1) There's For Dummy's and in 30 Days books about every language ever written. Because of this, every person with a GED thinks that they can write software better than you, the person with multiple CS degrees/certifications/so forth, because they can program their VCR.
2) The client will not trust you, you are a software engineer. That stack you wrote, they don't understand it. In your documentation, rewrite all of your notes from your Intro to Data Structures course. When the client doesn't understand (after all, they don't have the prereqs), or doesn't bother to read it, they will mistrust you. Again, there will be a problem.
3) Your client will now give you THEIR idea of how the software should be written. Because of all of these tools that SHOULD be useful, they're sure that they have written you a design better than anything that you gave them, because it has circles and arrows. Most of them make little sense. Many of them are dangerously redundant. At any rate, the client will check you to make sure that EVERYTHING that they put on that sheet is in the code, and that nothing else is.
4) Forced by Corporate pressure, you will write this. As a result, your software will not work. Perhaps you should have read "Software Engineering for Dummy's" It all makes sense in there.
Granted South Dakota is not the best place to be looking for a job in the IT sector, but it's where I am, that by no means that anywhere else is any better, I am also looking in LA and Phoenix and still have had no luck. Here is a rather long thought that I wrote up today while extremely frustrated with my job hunt...
It occurs to me, that in this time of economic trouble while people struggle to find gainful employment with which to support themselves and even expand upon their knowledge base and experiences, the business world shies away from hiring inexperienced employees and instead attempt to hire only those with years of experience under their belt. This in theory makes perfect sense, employers wish only to hire the most qualified persons they can for their money. Sadly this method is ultimately self-defeating.
We live in a market economy. There are producers and consumers. Most companies are both, producing goods or services while consuming resources with which to provide those goods and services. What happens when the resources dry up? With out adequate resources any business will cease to be. For instance a shortage of rubber would help to shut down tire manufactures, do you think car manufactures could exist with out an adequate supply of tires? What about all of the employees? All suffering companies would both have to lay off vast amount of employees to keep from going under right away. These new members of the unemployment line become consumers who have no method of production with which to adequately support themselves with. Suddenly, a large number of consumers no longer can afford to buy as they once did. A shortage in buying will help to destabilize the entire market where producers would not be able produce as much because they cannot sell as much of their products.
A farmer who wants to succeed in farming does not do so by salting his fields, a schoolteacher does not help the school system succeed by burning her school to the ground. Why does business think that by eliminating one of their vital methods of production do they still expect to stay in business?
When businesses refuse to hire those with out large amounts of relevant industry experience they do nothing but hurt their ability to hire qualified people down the line. If job experienced is measured in steps of a ladder, how can a business expect to hire persons who are near the middle or top of the ladder when they prevent anyone from ever setting foot on their lowest rung? Either they hope that someone else will permit that first step or worse... they are not paying attention to what will happen in the future when they shoot themselves in the foot.
Both are equally evil and both are going on as we speak. Isn't it time to allow that first step to occur so that that climber can be brought into the upper levels? The expectation that others will create these quality employees for you is ludicrous. As the old line says "God helps those who help themselves." In no way do I mean that God or anyone else will swoop down and save those who make reasonable attempts towards progress and advancement, I mean that unless one is willing to take steps towards improvement and investment are never going to get anywhere while sitting still will simply cease to be. Those who stand still deserve to perish; with out allowing the first step all there will be is stagnation and an end to all we know and cherish.
Are you ready to allow it?
Help Brendan pay off his student loans
They went ahead and did it without me, the spam yielded no profit at all, and I'm still working for them, but considering other job offers.
I explained politely as I could how spamming is not a good business practice, and even though I have many years in the software business, I was ignored. It's sad when companies trust their upshot marketing people over the more qualified seasoned employees.
http://www.codewolf.com - Just good stuff to waste time
This works. Very few structures fall down in the developed world because of engineering errors.
One way would be to require that programs whose malfunction can cause nontrivial harm be signed and sealed by a registered professional engineer, the way building plans are signed. To give this teeth, certificates for code-signing would be issued only through registered professional engineers.
Someday, programming may grow up and go this route.
Understood, but our company had layoffs two and a half months ago, and as far as I know, one of the guys laid-off who is a class away from a BSEE and has a BS in CS has not been able to find a job. Networking, yeah, that's great, but it's easier said than done when you work in hard-core scientific programming. Very few of us ever have a chance to talk to customers. I am not a consultant, but a software engineer, and turnover at the company I work at is very low. So, if I did manage to get laid off, who would I network with? Sure, I have a few buddies I went to school with, but that gives me maybe 5, at most 10 people that I can call, and then I'm SOL. And I've been working 60-80 hours a week since the beginning of the year, so how am I supposed to find time to network(last weekend was the first weekend I had off since the end of Feb.)
I think a better (and more realistic) alternative to some sort of oath would be to treat software professionals like the engineers they are. In every state (AFAIK), you cannot lawfully claim to be an engineer without a license.
However, the tests that exist in most states are completely inappropriate to software engineering. Dynamics and statics are all very nice, but they have nothing to do with most software systems. What is needed is a test and license for software engineering. Licensed professionals could (assuming an appropriate test) command higher salaries than mere code monkies, and employers would know that they can expect a certain degree of quality from professionals.
This scheme also has the potential to improve the general quality of software. Just like a civil engineer signs and stamps building plans, declaring them sound, a software engineer could be employed to audit a software system's design and implementation, certifying it as secure and robust (to a point). As any experienced developer will tell you, code and design reviews are extremely important, and often neglected.
vi is my shepard, I shall not font.
I don't know what kind of programmer you're refering to. It took me five years to get my degree in Computer Engineering, plus a lot more time of ongoing education since I graduated in 1990. That was an extra five years after getting my associate degree.
I actually have very little respect for doctors' attitude that 'we save lives'. So do I when I design control systems running heavy machinery, or avionics, or run an industrial plant, or whatever. Like any other profession, medicine is full of people who aren't as capable as others. The problem I see with doctors is that they all want us to believe that they're 'hollier than thou'. I don't accept that. If a doctor fucks up, a patient dies. If an avionics software engineer fucks up, a couple of hundred people die.
If the state of the medical profession, HMOs, drug manufacturers, and other health services in the United States is any indication, I'd much rather be an unlicensed software engineer than an "ethical" doctor. Why is it that medicines and medical attention cost as much as ten times as what they cost in other countries?
As for the cool technologies OSS has today, keep in mind that a great majority of them are re-implementations of software developed privately or under a university grant. Somebody did the research and h4x0rs re-implemented it. I support OSS (and not GPL'd, by the way; other licences like BSD are more to my liking but that's me), so don't go flaming me for this comment. A h4x0r != software engineer, though often a software engineer is also a h4x0r. People forget (even on /.) that coding is only the smallest part of the profession. System design, knowing how to analyze and apply the correct algorithms, understanding the OS (or how to build one), the compilers (or how to build them), and so on are as valuable as coding. I met many h4x0rs, even employed software "professionals" who don't have a clue of how to code something as simple as a Quick Sort.
Last time I checked, there are all kinds of charlatans developing 'miracle cures' and diets and what have you that, in the end, try to pass for members of the health industry. Turn midnight TV on and see for yourself.
Cheers!
Ehttp://eugeneciurana.com | http://ciurana.eu
Have you considered trying to fully integrate the two? E.g. where you can select files with both regexps and the mouse, then pipe them through a program, with output to a folder selected with a standard open/save type dialog?
Why the two UIs have to exist in isolation from each other, I'll be damned if I know.
(however, if you have hard numbers and testing methods used to support your statement, you should link to them; a lot of truths about UI turn out not to be when objectively vetted)
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
You wouldn't see all of these layoffs of 3,000 - 10,000 people that is for sure. As a hardware engineer, it is tough to keep improving on your technology. And once you design and create your circuit, it can be copied by the company while you don't work there any more. They still get the profits, but you don't get paid. IT's the same with software programmers also. There will be a time when the computer is going to be good enough, and maybe it will be in 5 years, maybe 50 years.
Plus with unions you wouldn't see as much equiptment being made in Asia, or the programming jobs going out of the US.
There still has to be inovation and inventions for this tech economy to do well, and not much has happened in the last 5 years.
Ok, here's my serious point: A coder, as every engineer / developer / inventor / insert-likewise-profession-here can not foresee the consequences of his work. There may be numerous GPLed database applications misused for the purpose of serving child pr0n. Are the DBMSs bad? No, it's their usage that aches our morale.
IBM never foresaw the rise of PCs, the telefax was sold out from its original inventors (they believed the market was too small), and the inventors of the internet certainly didn't think of sth. like /.
In most cases you cannot foresee the consequence of your work, good nor bad. However, systems that do bad things need an admin, too...so isn't this more a question of "hacker ethics" that "coder ethics"?
Btw. I would not want to code for a system designed for military purposes. They tend to be really annoyed by bugs ;)
No. Thanks for asking.
I have artritis in my joints. Killing me now, while I am in my 30's, could save me years, perhaps even decades of pain. Doing me that favor is not up to you, or any doctor. If I really can't stand living, it's up to me to kill myself.
My current "living will" says simply this: "Never pull the plug. Use any and all extreme means to keep me alive, no matter how severe my suffering. I can take it. I fully intend to stay hooked up to radical life support systems until either I die anyway, or future scientists invent a new robot body I can live in, even if it takes hundreds of years. If anybody pulls the plug on me, I request that my surviving friends and relatives avenge my death with immediate and violent action. Thank you in advance for respecting my wishes."
Information wants to be anthropomorphized.
Most unions today are run by mafia, in cahoots with the corporations they claim to be "standing up to", and serve no real purpose other than extracting money from the common worker.
Get a clue.
The profession of programming used to be a lot more independant, I get concerned that some day it will be *illegal* to program a computer without a license.
Freedom is good. Both freedom to program, and free software. I hope it stays that way.
I'm currently an EIT (Engineer in Training) just about ready to get my PEng status (Professional Engineer) in BC, Canada. BC and Ontario are currently the only two professional engineering associations in Canada that have Software Engineering as a recognized stream of engineering. What does that mean? Well, a couple things:
While this sounds all well and good, I've found there's a couple of unique features of software engineering that make it an odd fit into the traditional model of the engineering profession:
So what's the benefit to you, the code slinger? Well, first off there's the potential for legal protection. A previous poster pointed out you can't enforce ethics. That's not entirely true. In fact, that's the whole point of having a profession in the first place. If you're a professional engineer and you warn against taking a certain action and your company ignores your warnings, your obligation to protect the public usually overrides your obligation to your employer. If you allow the company to proceed with its plans, then you're liable. If you stop the company, they'll have a hard time firing you.
In traditional engineering, you could stop the company from proceeding with its plan by simply refusing to sign off on the design/action. But again, unlike traditional engineering, software engineers don't have quite as much power as traditional engineers. In traditional engineering, such as civil, there's all sorts of laws that require designs be signed off by a professional engineers (building codes, etc). In software engineering, there are no such laws.
For 99% of the software out there the concept of protecting the "public health and welfare" is fuzzy, and therein lies the problem. If the Clippy assistant in Word is buggy, crashes my machine and causes me to lose my work worth $1,000 is the software engineer liable? I suppose so. But did failing thoroughly test to ensure Clippy didn't crash a user's machine place the public health and welfare in jeopardy? Maybe. Economically perhaps, but certainly not "life and limb" jeopardy. In many ways, software engineering is raising the question of an engineer's responsibility to protect society in the context of modern technology.
Overall, I think moving towards a software engineering profession is the "right" thing to do, but it's probably going to take a long time to establish it on equal footing with the other engineering fields.