Technology and Social Responsibility: Remember history...

One of the problems that has characterized our profession far too much is the phenomenon of the young, eager technologist throwing common sense to the four winds in search of the ultimate solution.

In the past, it was the slightly-mad, mid-40s to late-60s scientist who ignored the potential hazards of his (and it was always his; we never had mad women scientists, a form of discrimination women should be grateful for) research in the single-minded quest for knowledge.

There is even some validity to the argument that the atomic bomb came about this way; the technology was too fascinating to pass up. In fact, the truth is far more complex than that, but this is not the forum for that discussion.

What we do have is a headlong rush to "cool technology" that ignores the social consequences. Technologies such as Microsoft's ActiveVirus (excuse me, force of habit, I mean ActiveX) technology seem to be geek products designed by geeks for geeks, with the social considerations tacked on as a bare afterthought. Perhaps someday I will write an essay discussing this whole problem, but today is not that day.

I believe that a great deal of our problems with virus vulnerability on our current systems is the direct result of mid-20s programmers having more fascination with cool functionality than common sense. It is compounded by consumers who have no regard for their safety, and who, if safety is imposed upon them, would demand that it be removed. Microsoft, as the dominant seller into this market, bows to the consumer pressure and delivers what is desired, whether it makes sense or not.

This essay is my reaction to an interview with Bill Joy, a person who has an excruciatingly short memory.

Home
wpe4.jpg (1337 bytes) Company Profile
PE03257A.gif (4096 bytes) What's new?
jmnicon.gif (1393 bytes) More about me
wpe3.jpg (1219 bytes) Related sites
Books
Graduat5.wmf (6028 bytes) Courses
? Why a flounder?
cornucopia.gif (1567 bytes) Downloads

Bill Joy had an article in Wired about the hazards of technology. He was interviewed by Ubiquity, the ACM newsletter. I found one of his comments singularly inappropriate, and submitted the following reply, which I was promised would be posted in a subsequent issue (I will provide the hyperlink when it is published). The title of this response was "Pots, kettles, and degrees of blackness".

The original Bill Joy interview is on http://www.acm.org/ubiquity/interviews/b_joy_1.html

Unfortunately, Ubiquity, in an apparent attempt to not annoy Bill Joy and/or Sun, edited my response out of recognition, including changing the title. The salient point, which was the last paragraph, was deleted entirely. I have decided that Ubiquity editors are seriously compromised, or perhaps just humor-impaired, since the whole point of the essay was the last paragraph. Without it, the response they published makes no sense. I'm reminded of the Steve Martin line from the movie "Roxanne", which goes something like "Irony. Oh yes. We don't get much of that around here. We had some back in 1955, but people didn't get it, so we don't see much of it these days".


I find Bill Joy's comments about Microsoft seriously misplaced. For example, he claims that LoveBug was the consequence of Microsoft not getting economic signals correct.

Microsoft is delivering to customers what the customers say they want, which is wide-open, security-free environments capable of executing "cool" graphics from the Web. The economic signals from the marketplace are quite strong. In fact, Microsoft characterizes one major difference between their "professional" offerings and their "consumer" offerings being the "consumer" offerings have no security or file protection, because consumers don't want it.

In discussing the Web-content problem with a friend a couple days ago, he told me that it was Netscape that introduced the concept of active scripting in Web pages; Microsoft had to play catch-up on this one. So if there is any one party that can be accused of compromising the security of millions of computers, it is Netscape. But we're not allowed to say bad things about Netscape because They're The Poor Downtrodden Competitor. This would not be Politically Correct.

I have turned off all active scripting, removed the Windows Scripting Host from my machines, and refuse to open any attachments that have active content, period. This makes a number of Web sites inaccessible to me, and I can't convince various WebMasters that active content on the Web is a first-class stupid idea. Why do they use active scripting? Because they say it makes their Web site more attractive, or easier to use, or some such balderdash. To me, it means they are willing to conspire to either be virus vectors or demand that we compromise our immune systems. I consider active Web content to be a sign of social irresponsibility.

What amazes me is the ACM site actually requires JavaScript to function, or so it claims. Also cookies. It is unfortunate that amateur Web designers with no sense of social responsibility are actually allowed to create sites for such important professional societies. Worse still, the professional society is apparently exercising no oversight whatsoever on the process, or has become inhabited with people who clearly do not understand the technology and its implications!

Until we start boycotting Web sites that require that we open our computers to penetration, they won't get the message. This is not a Microsoft problem. This is the result of hundreds of thousands of completely irresponsible WebMasters creating an environment in which systems must be inherently vulnerable.

But the deeply hypocritical aspect of the comments Bill Joy made is that back in the early 1980s we refused to install email on our Unix system, because there were several massive, well-known, security holes in the email system. This caused our sysadmin a lot of grief, but he held the line and required everyone to get email on our mainframe, which didn't have any known email security holes. Sun had been informed numerous times about these security holes, and their attitude was, as I recall, "We could fix it, but we won't, because fixing it would inconvenience our developers". Hundreds of Sun customer sysadmins had requested, for years, that Sun fix its security holes. They didn't. In fact, they actively refused to do so.

From the Ubiquity article:

JOY: Consider the "Love Bug" virus, which was made possible because Microsoft didn't get economic signals; the kind of sloppiness this represents is something that we just can't afford in the physical world technologies. But Microsoft didn't have any economic signals to tell it that its software should be of higher quality, nor did the company feel that it was likely to be liable for ecological consequences of deploying software that was well-known to have problems with viruses, or it would certainly have acted differently.

Several of these holes let Robert Tappan Morris get his Internet Worm into the Sun systems all over the world. It is worth pointing out that Sun assumed no responsibility for this, and as far as I know never apologized for it. In fact, I heard about the worm the day after it hit, from a friend, and I said "How did it get in?" He said "The email hole" and I said "Which email hole?" knowing of several. When Sun knew about penetration mechanisms for at least six years (that I know of) and hadn't fixed them, I don't think anyone from Sun is entitled to point fingers at Microsoft.

I said essentially the following back when the RTM worm caused the shutdown of thousands of Sun systems. In fact, I could paraphrase what I said about Sun using the following words (these were the words edited out by the Ubiquity editors. Can anyone explain to me why this would be done?):

Newcomer: Consider the "RTM Worm", which was made possible because Sun didn't get economic signals; the kind of sloppiness this represents is something that we just can't afford in the physical world technologies. But Sun didn't have any economic signals to tell it that its software should be of higher quality, nor did the company feel that it was likely to be liable for ecological consequences of deploying software that was well-known to have problems with penetration attempts, or it would certainly have acted differently.

How quickly we seem to forget our own history!

[Dividing Line Image]

Send mail to newcomer@flounder.com with questions or comments about this web site.
Copyright 2000, The Joseph M. Newcomer Co., All Rights Reserved
Last modified: March 20, 2003