Andrew Rondeau

Software Developer, Audio Enthusiast

The below letter was written in response to a statement from Howard Schmidt, former White House cybersecurity advisor. He argued that software developers are solely responsible for security issues. My response, states that the company developing software needs to be held liable for defects.


As a professional software engineer, I strongly disagree with the stance that “Software developers should be held personally accountable for the security of the code they write”. My opinion is based on an engineering disaster that I studied when I was in college.

In 1986, the spaceship Challenger exploded, killing the astronauts that it carried. Upon investigation, it was found that the engineers who designed the faulty parts discovered the problem and notified management. The real fault for the Challenger disaster was miscommunication and an unwillingness to miss a launch date.

Negligent Software Developers are not the only cause of security holes. Inadequate testing, complicated development tools, lack of “proofreading” source code, poor user interfaces, and bad management also need to share the blame. For example, it is common in the software industry for management to set unrealistic development timelines, resulting in software is written quickly and shoddily.

With automobiles and baby strollers, the entire company is held liable for defects, not the engineers. Likewise, it is appropriate to hold software companies, not software developers, liable for security holes.

This is an open letter to the internet advertising industry. It is targeted towards companies that advertise, advertising agencies, and web sites that host advertising. The letter was originally a reply to an interview with Bennie Smith, a DoubleClick executive. The interview is posted here: http://www.zdnet.com.au/news/software/0,2000061733,39198608,00.htm

Dear Bennie Smith and the online advertising community:

Recently, I read an interview that you conducted with ZDNet in Australia. I find the attitude that you convey in the article indicates that you seem to have forgotten some simple business rules that exist to provide a mutually agreeable experience for all parties involved. These rules are as follows:

  1. The Customer is always right
  2. Never insult the customer

Instead of faulting the customer for going out of his or her way to block advertisements, perhaps a better approach would be to find out why online advertising is so disturbing that customers go out of their way to block them. By focusing your efforts on avoiding advertising techniques that internet users find offensive, you can remedy situations that cause the internet community to actively block your ads.

Below, I list some advertising methods that are the reason why I continue to seek effective methods of blocking unwanted ads. Afterwards, I offer some best practices that, if followed, would not trigger me to prevent ads on my computer. While other users may have differing opinions, I firmly believe that these comments represent the majority of serious internet users.

Offensive Advertising: These describe ads that the internet community finds offensive.

  1. Pop-ups: Making windows appear on my computer is inappropriate, and it was a mistake to put such functionality into the browser. Now, whenever a pop-up manages to hack around my pop-up blocker; I close it before I see the ad.
  2. Annoying Sounds: Some ads make noise continuously, or will beep every few seconds indefinitely. This is inappropriate, because many people, including me, leave web pages open when they are not reading them. For example, there are web pages that I open when I arrive at work and read throughout the day. A few weeks ago, one of the “free PS2” ads caused my computer to make annoying Star Wars sounds while I was trying to get work done.
  3. Animations that jump on top of text that I’m trying to read: Wouldn’t it anger you if some salesman started waving a flyer in your face while you were trying to read a newspaper? I am a fan of ads that become larger when I mouse over them.
  4. Animations that flash so fast that I can’t concentrate: These are quickly scrolled off of the screen, unless I’m on the floor in an epileptic fit.
  5. Anything that slows my computer down: Some people block ads simply to make web pages load faster. Common offenders of this phenomenon are poorly-programmed ads that peg the CPU at 100% utilization. I recently started blocking ads on AOL’s IM client because one of them would needlessly hog my CPU, causing my computer to perform very slowly.
  6. (Most) commercials: When was the last time you had to sit through a commercial to read an article in a newspaper? Commercials are inappropriate on websites that are essentially newspaper articles and reference documents. They are appropriate on passive entertainment sites that mimic television.

As of now, (July 5th, 2005), the only ad blocking software that I use is pop-up blockers and spyware protection. If ads that make excessive noise or slow my computer down become more prevalent, I can forsee blocking those as well.

As a corollary, here are some recommended best practices that will minimize the proliferation of ad-blocking software:

  1. No more pop-ups! You can find a better technique. Considering that they get significantly more eyeball time, banner ads that grow when the user mouses over them are much more effective.
  2. Don’t disturb or annoy the user: The following is true of all web pages:
    1. Some people open a page in the background to read at a later time. 2.Some people open a page and leave it in the background indefinitely.
    2. Some people listen to music on their computer and get aggravated by ads that make noise indefinitely.
  3. Be gentle on the user’s computer:
    1. Don’t use excessive bandwidth unless the user is interacting with your ad.
    2. Don’t use all of the CPU cycles. If you ad causes a 100mhz Pentium to run poorly, then it’s too greedy.
  4. Be gentle on the web page that’s hosting your ad, after all, it’s what is drawing people to see your ad.
    1. Do not cause your host page to have a significant delay while your ad is loading.
    2. Do not cover your host page unless the user is interacting with your ad.
    3. Do not create such a distraction so that it is difficult to concentrate on the host page.
    4. Don’t “bite the hand that feeds you” by obscuring the host page.
  5. The hyperlinks in ads should open in a new window. This applies more to flash ads, because the user can’t choose to open the ad in a new window. Forcing the user to leave the site with content diminishes its value and disturbs the user’s train of thought.
  6. Don’t treat the web like TV or a video game, unless the web site is like TV or a video game. Most content sites are like newspaper articles, where there is no control over the reader’s attention. When was the last time you had to sit through a commercial when reading a newspaper? When was the last time a print ad jumped on top of the article you were trying to read? Do the magazines on your bookshelf make noise?
  7. My computer is not your billboard! Would you ever put stickers advertising a product on someone’s windshield? Would you ever stick a sign in someone’s lawn? My computer is my private property, and not a “marketing opportunity”; sneaking ads into every corner of my computer is an invasion of my personal space.

By adopting these recommendations, internet advertisers will be able to tailor their advertising techniques so that the internet community will not block their ads. Advertising is needed to fund most web content, but over-aggressive advertising can quickly diminish the quality of the content delivered.