Reflecting on the state of social media on the Isle of Man

Photograph of Social Media Club dinnerAs a small island, separated from the mainland but connected to the world, the development of social media has been an interesting story.

Whilst social media had been adopted as the platform of choice for younger generations, companies were keen on understanding how to reach these demographics on their own platform and how to continue with a positive engagement. The Social Media Club was developed as a way to develop ideas and promote best practice across the social media world.

As part of this, the island’s Social Media Club met every month, ranging in number from 4 to 20 and always promoted interesting discussions, particularly with social media hitting the news for topics such as bullying, privacy and the corporate movements of the new burgeoning tech sector.

We had some successes, introducing users and companies to social media. We also had two successful Twestival events which only ceased due to the organisers’ bizarre brand-grab, raising one of the largest amounts across the world per-capita.

Where has the island come since?

Perhaps we can claim the island has reached a level of adoption which suggests maturity gained through usage, experience and even groups such as the Social Media Club lunches.

Inevitably, marketing companies have adopted the paradigm, specialising in results-based marketing and avoiding the broadcast or fire-and-forget method of reaching out to customers that may otherwise be used.

Manx Radio recently started reading out contributions from social media on their Mandate show, providing an additional channel to contribute to live shows other than the email and telephone older generations may be used to. (It’s interesting that email is now seen as an archaic medium for newer generations.) You get a better class of mental on Twitter!

Even the Isle of Man Government have jumped on, with differing levels of success and engagement according to the topic and department. Between engaging with users as tax payers and delicately straddling the line of individual privacy and the professionalism of the department, it’s been refreshing to see a little bit more transparency.

Further signs of maturity on the island is the consideration of the effect of social media on the island’s unnaturally small juries. Chris Robertshaw has embarked on an exercise of determining whether enough people are in the juries and how the judiciary will mitigate against influence from what is a tightly bound island community online.

In reflection, we remain a separated island but are very much more connected.


The role of ethics on a licence to practice

Just because it's dark doesn't makeit unethicalI’m firmly of the opinion that the IT industry should have a licence to practice, or at least a recognised qualification or membership that indicates that you are serious about your conduct within your career. The best body for this as it appears to stand in the UK is the British Computer Society. Unfortunately, the BCS remains  an embarrassment and continues to fail to make an impact on employers and professionals in respect of a licence to practice, or even recognition of any ethical standing. Despite their reinvented Chartered IT Professional status, they remain invisible and irrelevant.

IT is an industry that now touches us all and the risk of our data traversing physical, network, jurisdictional and geographic boundaries has come into sharp focus with an increase in the number of data leakages and ‘hacks’ that serve to showcase anything from a security hole to the hubris of an anonymous script kiddie. As an individual working within this profession, one should have to commit to exercising every possible effort in maintaining one’s own ethical position, which would include their role in ensuring the projects within which they work make every possible effort to perform to the same standard. The BCS has their own Code of Conduct which attempts to create a position of professional and ethical performance but this does not offer any real sanctions other than being “struck off” as a member of an entirely irrelevant register.

Had a workable and enforceable code of conduct or ethics existed, would we have seen any of just a few of the recent scandals?

  • Volkswagen’s discovery (not admission) that they had used software to cheat in emissions tests for their vehicles under specific test conditions required effort by at least one developer who knew exactly what they were trying to achieve. These developers breached ethical considerations which surely span cultures; thou should not lie. VW’s American CEO Michael Horn claimed in congress that it was two software engineers that came up and implemented the cheat. Of course, we should consider that they may have felt pressured to implement the cheating software, but had there been a substantial professional body behind them they may have felt confident in blowing a whistle.
  • Adobe had 153 million accounts exposed in 2013 which revealed usernames, email addresses, encrypted passwords and unencrypted password hints. Unfortunately, the passwords were encrypted weakly meaning it was fairly easy to brute force the encryption based on repeated sequences of data. Coupled with an unencrypted password hint which only serves to undermine the weak encryption and it makes one wonder whether the developers stopped and thought, “are we doing enough?”
Then there is the incompetence:
  • This year saw 780 people “outed” as HIV sufferers by a leading sexual health clinic. The cause was a basic human error of pasting the email addresses into the wrong field. It’s very easily done. This very basic administrative error has major repercussions on lives.
  • We have our own case of gross incompetence on the Isle of Man. Earlier this year, hundreds of individuals’ email addresses were shared across email, again as a result of the basic administrative error of using the wrong email field. What happened? The Data Protection Commissioner took no action and all that could be seen were some red faces.
Such examples of incompetence are not malicious, but they are indicative of lack of training and oversight. Had ethics been considered, any transaction with any personal data would have been conducted with the greatest of care. Even more shocking is the lack of action by a Data Protection Commissioner whose very position is based on ethical and competent use of data.

I did miss one recent high-profile hack, that of Ashley Madison. This raises an interesting point. Within an ethical framework, where does one’s professional ethics come into play? Personally, I believe that as long as the programmers were honest in what they were doing, regardless of society’s view on the ultimate effect of their actions which are quite rightly extremely serious, then they should feel confident in their professional conduct. The programmers have apparently gone to great lengths to safeguard the identities and security of their clients. We still don’t know how the hack was performed or whether it was an inside job, but based on the news and discussions, security was seemingly tight. This notwithstanding, their managers’ decision not to delete data from individuals paying to be deleted is blatantly unethical and these individuals should feel the full force of the law as punishment.


Using an anti-pattern still enhances your maturity

Programming has approached a level of professionalism that suggests we now spend a lot of time meta-programming, naval-gazing and writing a whole lot of complex code just to avoid smells.

Meta-programming could be described as programming about programming. As our tools get more advanced and our systems get faster, we can now write code that writes code and write code that analyses code. What’s the point? Visual Studio has finally integrated the Roselyn Compiler-as-a-Service feature which brings the compiler in as a first-class citizen so you can generate code and analyse it from within your own program. But wait, the last time I looked, it was an anti-pattern to dynamically generate code.

This self-analysis of code has otherwise been a manual process, supported by burgeoning communities of self-aggrandising architects such as those gaining increased scores on sites like Stack Overflow. Thou shalt not code in JavaScript in an imperative fashion, though shalt not use global variables, and it goes on. We’ve got to the point of intellectualism that we are able to create arbitrary levels of maturity and compare ourselves and others against them with little consideration of “why?”.

In order to leverage new features, avoid the judgement of our peers or even ourselves, we’ll go to great lengths to create patterns of best practice which decouples concerns, increases testability and complies with the latest guidance of our peers – however much work that may take. We must avoid the Anti-pattern, lest we be judged.

But the Anti-pattern is still a pattern, so suggests some level of thought and maturity.

I’m reminded of the Capability Maturity Model (CMM), which is a model of maturity applied to organisations to identify whether their processes are chaotic or structured so are repeatable, measurable, testable and therefore able to be improved. Of course, the software industry hasn’t allowed itself to avoid its own naval gazing and has come up with various mirror models. Many of these are arbitrary and perhaps form an extra string to a consultant’s bone, such as the Software Development Maturity Model, the Software Assurance Model, and of course there would be an Agile Maturity Model developed by … a consultant.

We’re perhaps too quick to judge software code and not understand why it is what it is.

As a developer, one of my struts for my professionalism is the decoupling of concerns. This is simplified such that no module ultimately depends (or even knows) about any other module. You sort of “wire it up” during a bootstrapping process. At the moment. We used to think that modules should know about each other, but perhaps on a more restricted scale, so the database would be “known” by the behaviour, but not the presentation. Now, technology has come so far and developers’ minds have grown so large that we now realise this is bad practice. So we use Dependency Injection whereby a single element of the code performs the wiring up, invisibly, automatically and somewhat magically. You don’t need to know how, just why. Wait … what?

Dependency Injection develops on the previous best practice, the Service Locator – which is now an anti-pattern. But I know how and why with that pattern. But it was a pattern. A Service Locator could be regarded as a central authority for identifying what modules in your code did what. You’d go to this and ask for the code to access the database or perform a particular process. It was, in effect, a global variable which itself had developed from previous practices.

Last night, about 2am, I found myself writing a service locator Anti-pattern, direct from Microsoft’s evangelists, no less. This is the NavigationService (the clue’s in the name, I realise) which was passed around as a property in view models within Windows 10 apps using the Template10 project. I immediately recoiled. Sure, they’re passing it around as a property, but it is still a Service Locator. But it is also 2am. A pattern’s a pattern. And I went with it.

The fact that there is a scale of these practices, each time evolving to improve their perceived professionalism based on a fad or a consultant’s USP, suggests maturity. Using the Service Locator, I deliberately considered the risk (code smell, limited decoupling, global variable in all but name) with the benefits (it’s 2am) and strategically decided on an outcome. According to the ubiquitous CMM this at least puts me at level 3 – it’s a defined process that is documented and can thus be improved.

Best practices avoid code smells and become themselves anti-patterns. You just need to look to spot this moment and switch tactic at the right time.

The maturity here is the consideration of the time, the rapid delivery that is so craved by Agile techniques and the enthusiasm to get to the next problem and using an anti-pattern – but knowing why and committing myself to returning and improving my own process later. I come across anti-patterns regularly, after all, no developer ever said “wow, the previous developer’s code is certainly better than my own.” But I stop and think. Considering how busy I am now, could this not be where my predecessor found himself? Was that the best practice at the time?

So my Service Locator Anti-pattern is justified. Publicly. Deal with it.