Letters to the Editor

Letters to the Editor



You won't find eggs in open-source code

The discussion of Easter eggs and other unpleasant surprises in proprietary software is an interesting one [GCN, March 20, Page 42].

There are really two problems. First is the black-box nature of proprietary software, meaning the source code is locked and only the software vendor has access. The result is that you don't really know what you are getting, and Easter eggs, such as the flight simulator in Microsoft Excel, are worrisome reminders that you certainly are not getting what you expect.

Second, this kind of thing gives rise to concerns about software quality in general.

Users are far less likely to find Easter eggs of this magnitude in open-source software because the source code is not locked away but available for anyone to view. The rigorous and open nature of development means that surprises are not possible, and I doubt that an open-source community developing a spreadsheet program would tolerate that kind of frivolity.

An occasional playful comment is one thing. A hard-to-maintain irrelevant chunk of nonfunctional code is another.

In the case of open-source software, a programmer knows that his work is going to be subjected to wide scrutiny. A good programmer would welcome this, just as an artist likes to show off his work.

If we see a flight simulator in Excel, what is there that we do not see? Presumably the flight simulator was not something that the various levels of management and quality assurance were aware of. I don't think it is reasonable to think that Microsoft Corp. is this irresponsible. More likely it is simply something that was the plaything of a small group of programmers, and no one else knew about it.

But if that small group of programmers can put in a complete operational module without proper checks, what else can they put in? Are all the parts of the system properly documented? Properly designed? Properly tested?

As recent news indicates, Microsoft did not know about a secret backdoor in its FrontPage Web software. A password phrase put in by Microsoft engineers in one of the server modules reads, 'Netscape engineers are weenies!' Knowledge of this phrase, which Microsoft calls an obfuscation key, can be used to gain illicit access to sensitive information.

Open-source software provides a powerful way to address the issue of such surprises.

Robert Dewar

President and chief executive officer

Ada Core Technologies

New York

Web accessibility is not just for the disabled


I read the article about Web accessibility and Section 508 of the Rehabilitation Act Amendments of 1998 with great interest and have a few comments [GCN, April 17, Page 1].

First, expanded Web accessibility isn't just for disabled users. Although Section 508 is centered on the disabled, increased Web accessibility would be for people using old or text-based browsers, people using new devices such as personal digital assistants and cell phones, and international users.

The problem isn't that government agencies are going to have to retrofit their Web sites to make them more accessible, it's that the browser companies such as Netscape Communications Corp. and Microsoft Corp. don't fully support World Wide Web Consortium standards, which recommend built-in accessibility.

Unfortunately, too many Web managers see Section 508 as a burden. The only reason it is a burden is because Web managers will have to create workarounds to make sure their sites are accessible at all. Workarounds would be completely unnecessary if commercial Netscape Navigator and Microsoft Internet Explorer fully supported standards so Web managers could use built-in accessibility.

Check out standards information at www.w3.org/TR/CSS-access and www.w3.org/WAI/References/HTML4-access.

B.K. DeLong

Research leader

ZOT Inc.

Watertown, Mass.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above