[SLUG] Update: Legacy application in VB6 (.com) - The final chapter

From: Scott Grizzard (scott@scottgrizzard.com)
Date: Wed Jun 10 2009 - 10:54:13 EDT


Hey Sluggers,

I have been (very politely) informed by the previous IT person that the
solution that currently exists on the server is a total rewrite that he
did (in VB6), and that it is his proprietary solution that he developed
under contract. He must have "inadvertently" left the code on that
machine. This was not what I was initially told, but it has now been
confirmed.

Translation: Not my problem.

We had a discussion about what I saw, and he said that the security
problems I brought up were not an issue, because he configured the SQL
server and the client systems not to connect unless authenticated (at
least, that is what I gather he said). All of this is stuff that the IT
guy /ought/ to know, but documentation is apparently not currently part
of their IT process (though the non-IT business practices of this
company are some of the best I have ever seen in my life - they should
teach an MBA or something).

He did say the expected lifetime of this system was another two years,
when the government was forcing the adoption of new systems.

Just glancing at the source code (that is his, apparently) has reinforced
every reason I maintain in wanting to see the source code for every
system I use - or at least wanting to be able to see the source code for
every system I use.

I am firmly convinced that if someone doesn't want you to see the source
code for an application (and I went well beyond this particular incident
to generalizing quite a while ago), then the code is probably a mess.

To state it another way:

If there is a reason they don't want you to see the source code, that is
a reason not to use the software. I'm not saying they should let you
modify the code, or they should let you share the original code and your
modifications with whoever you want, or that you shouldn't pay for the
privilege of using the software. What I am saying is that you should
be able to see it and audit it if you use it.

Having access to the source code is like an independent dealer offering
you an after-market warranty on a car: if he is willing to make a bet
that the car will cost less than x dollars in problems, and expects to
make a profit on the bet, then you are assured the car has some level of
quality /even if/ you don't buy the warranty. Likewise, if someone is
willing to show independent others the source for your product, /even
if/ you don't look, you are assured some level of quality in the code.

I like that last bit - I think it is going in the marketing materials
for my new project. Cool beans.

Thanks for letting me vent, and thank you for all your suggestions. I
have learned a lot from this experience, and feel personally enriched by it.

- Scott Grizzard
scott@scottgrizzard.com
http://www.scottgrizzard.com/

PS: If there are any GWT programmers (or hard-core JAVA folks) out
there, I am working on a commercial open source project (one with money
at the end of the rainbow), and we are moving into the market for a good
programmer. If you know anyone, I'd love to have a lunch...
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.