A Question of Ethics

Let’s get right to the bottom line here.  All software can be improved, currently has imperfections, can be enhanced, …  Otherwise, we’d be living in a world of version 1.0s.

At times, I’m just amazed at the cracks and corners of the online world that my morning reading discovers for me.  Yesterday, it took me to this story “Microsoft Complains About Google…“.  The gist of it, as I read it, was that Google found a vulnerability in Windows 8.1 that allowed a regular user to become an administrator.

If you do enough back tracking, you’ll find the original notice and description of the problem here.  At the bottom of the report, you’ll see this:

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

It’s a bit of a technical read but i wouldn’t hesitate to assign it to Grade 12 Computer Science students for reading and as background to the activity described below.  As you’ll notice from the original article, Google did make the announcement public after the 90 days and the comments to the original article indicate that not everyone is appreciative of this release.  More details here.

I had a discussion yesterday and tried to describe a parallel situation – if there was a big pothole in the front of my house, I would call the Department of Roads to let them know even though they own the road and should know all about it.  If they don’t patch the pothole in a timely manner and I know about it and an alternative route, shouldn’t I do something about it rather than sitting on my porch watching accidents happen?

It’s probably a stretch but was the best that I could come up with at the time.

I think that the whole situation is just perfect for a classroom discussion on ethics.  From the ISC4C course Computer Programming described in “The Ontario Curriculum, Computer Studies – Grades 10 to 12” comes a section dealing with Ethical Practices.

D2. Ethical Practices

By the end of this course, students will:
D2.1 investigate and describe an ethical issue related to the use of computers (e.g., piracy, privacy, security, phishing, spyware, cyberbullying);
D2.2 describe the essential elements of a code of ethics for computer programmers, and explain why there is a need for such a code (e.g., plagiarism, backdoors, spyware, unethical programming practices);
D2.3 outline and apply strategies to encourage ethical computing practices at home, at school, and at work.

Here’s a real world instance of an ethical issue that I’m sure would fire up both sides of the discussion.

Some of the discussion might include:

  • did Google make the world less safe by releasing this information?
  • did Microsoft drag its heels for 90 days and need a shot in the arm to get it fixed?
  • is the situation just one corporate giant pitted against another and it would have happened no matter what the issue?
  • is there value in having another set of eyes look at your code?
  • is a teacher unethical if she/he watches you program and doesn’t offer a suggestion for a bug fix?
  • if our school computers use Windows 8.1, what are the ethical issues around trying this out to see if it works?
  • if we know of any other vulnerabilities in school computers, should we tell our teacher or the IT Department?
  • why didn’t Google just fix it?

The last question opens the door to a discussion of proprietary versus open source code.

Windows, of course, is a proprietary operating system.  Without access, there’s nothing even the best programmers could do.  I have two visions here:

  • Proprietary – there’s a “Department of Something’s Broken” that has a talented team writing patch code, running it through qualify control, and then testing it on banks of computers from every manufacturer known and a standard defined that needs to be met before releasing to the general public;
  • Open Source – some guy in his basement in Iceland works with the code and releases a fix within minutes that works on his computer.

I’m over exaggerating, of course but it contrasts two systems able to address a problem that pops up.  All of this is good discussion material that certainly goes a long way towards addressing some of the expectations for the course.

The point is moot by now.  There will be a patch released today to fix it.

But what an opportunity to have a real world problem discussion.


OTR Links 01/14/2015

Posted from Diigo. The rest of my favorite links are here.