Hacker Newsnew | comments | show | ask | jobs | submit login
Consider your naming schemes - a cautionary tale
21 points by ColinWright 1431 days ago | 4 comments
Recently we had a contract for a large company that required the code be put in escrow. This isn't unusual, we're in an industry where if you have fewer than 10,000 employees you're regarded as small and a risky proposition. We have succeeded despite that perception because we're very good at what we do.

So an agent for the appointed escrow company comes in to vet the software, check that we can do a full and complete build from the source provided, and then are about to take away the copy to put in safe storage. It'll never be seen again unless we fail to meet our (fairly reasonable) obligations.

Then the agent doing the vetting asks for a break. He goes away and makes a phone call. Then another. Then another. Finally he comes back and says that he has a legal responsibility to report us to the authorities.

Why?

We use a package called "upskirt" - https://github.com/tanoku/upskirt - and he has concerns not because it's open source, but because of the potential pornographic implications.

It takes a while, but we manage to explain several things:

* One - it's not actually part of the system we provide to the customer, it's just used in our internal documentation system

* Two - it's not what it seems. Programmers (we've learned never to use the word "hackers") have an odd sense of humor.

* Three - under the legal agreement we have they are welcome to check our systems for "inappropriate" material.

* Four - it's not actually their responsibility, and they are over-stepping their bounds

* Five - but it doesn't matter, because it's not what they might have thought, and it's all OK.

Even so, I can just see federal agents coming in to seize material on the basis of something like this, and then we're screwed. 30 people out of work.

We've now purged our systems. We've traced every filename, grep'ed every file, and generally undertaken the mammoth task of removing anything that someone not steeped in hacker culture might find questionable.

So by all means, continue to use clever and risqué names for your projects. Just don't expect me to use them.

========

The above is not a true story, although most of the elements are true. We do put code in escrow, we have had to explain "questionable" names, and we have had to convince someone not to call the authorities. I've put the components together into a single story for effect.

The result is real. We won't, for example, use "upskirt" at work.

(edited to correct a typo - there are probably more)




I think it's entirely reasonable to expect "professional" developers (including those who share their code online) to use names which make them easy to find using a search engine. The name "upskirt" fails this test because a search for that term will return a lot of results which are not only unrelated but also NSFW.

-----


It occurs to me that Upskirt is released under an MIT License, and is hosted on Github. So it would take approximately one click to create a fork and rename it to something else. The names of the files under the src/ directory are things like "markdown.c" and "buffer.c", nothing pornographic there.

I agree that when creating an open source solution, you should name it something work-appropriate. On the other hand, picking a name that's unique tends to get it to stick in developer's minds (who read about lots of open source solutions on a daily basis).

I guess I'm just saying: it sounds like you spent a lot of work on a "mammoth" task that could have easily been handled a different way.

-----


We're now purged our systems. We've traced every filename, grepped every file, and generally undertaken the mammoth task of removing anything that someone not steeped in hacker culture might find questionable

If I was a federal agent, that'd be the reason why I'd get suspicious. Why are you destroying evidence that you did not violate any laws?

As for avoiding upskirt (at least the name), you're in good company. The geek feminist community also hates the name (which I can understand of course).

-----


It's really unfortunate. Even working with small clients (for example, one guy testing the entrepreneurial waters), I'm just not going to tell them "Hey - I'm going to use upskirt." It makes me look unprofessional. And yes, people do ask what I'm using.

-----




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: