ISWIX, LLC View Christopher Painter's profile on LinkedIn profile for Christopher Painter at Stack Overflow, Q&A for professional and enthusiast programmers

September 13, 2007

Setup Ethics

I noticed an interesting article linked on Slashdot alleging that Microsoft is now pushing down stealth updates to Windows clients even when users have not given consent by turning off automatic updates. This is of particular concern to corporate environments where change control and testing is very important.

It makes me think again about the power Deployment Engineers have and are sometimes asked to wield. It's almost a given that we will run with elevated privileges. With this great power comes great responsibility. I get really irritated thinking about some Setup Developer going along with management to push down software without consent, install root kits, install Spyware, put crap on the desktop, automatically start programs on login.... all without user consent. There really should be some code of conduct that takes into consideration ethical treatment of the customers machine and we should really push back on management asking us to do unethical things.

I recall back to 1997-1998 when I was asked to add a call to secedit.exe and apply the Compatible Workstation policy to resolve an application compatibility bug. First of all this was the wrong solution to the wrong problem... fix the damn application. What was worse was that the requirement came across to do it without notifying the user. Another time I was asked to change the regional date/time settings.

I was livid and I absolutely refused to implement either of these requirements. But I can't help wonder how many other developers would have gone along with it.

If the story about Microsoft is correct, it seems they have some Deployment Engineers that don't have any issues at all with doing what they are told.

2 comments:

Anonymous said...

Hear, hear!
I try to use my own experience as an end user as a general rule of thumb. I'm a pretty savvy computer user, so I don't like applications taking liberties with my machine that I didn't specifically authorize (or even know about). So when writing our setup kits, I try not to do anything that would piss me off if it were done to me by a kit I was running at home. It's a good rule of thumb for overall design, too.

Anyway, great food for thought, as always

Anonymous said...

Ah the age old ethics discussion.

I couldn't agree more with your stance on this. Eons ago when I was in school, a CS professor brought up a very valid point in that he said, "...Even though there are no official licensing/certification required for software engineers and the like, doesn't mean we cannot hold ourselves to high ethics.."

Heck I've walked away from a job because I just couldn't do what upper management asked of me.