 iswelf that in this one please make it feel very welcome Chris Brosnan. Thanks everyone for coming here. When we talk about FX and morals in web development obviously we see them in other professions I've seen them in the medical profession in law and so on. I feel like our web development in the digital sector as a whole is growing now So we need to start thinking about these questions, particularly with how software, including websites, is changing. So I slightly touched on it, but why do we talk about ethics and morals in web development, or why should we? Well, first of all, we work with all kinds of people and a large variety of people as clients, as stakeholders, as colleagues, peers, and users. And within those groups, we find so many variations. And good websites, in my opinion, are those which are not only created well for performance and code quality, but also are accessible and have an ease of use and can be adapted. So before we get into what this might mean for development, what are the differences between morals, ethics, and law? Morals and ethics are often used interchangeably, but they are very different. And this is not just a philosophical argument. It's actually a fact that there is a difference between them. So morals are what you hold yourself to be right and wrong personally. So that could be down to your religion or religious upbringing. It could be a result of cultural norms, or it could be parental influence, or so on. It's not so clear fact. It's something that's dictated by you personally. Ethics, on the other hand, usually have more of a professional context. So, for example, the medical profession has its own ethics. Law has its own ethics, and teaching does. So this is largely professional standards and rules and what you may see in academia, for example, or in other professions. Law, very simply, we all know this, just very clear-cut regulations with sanctions for not following those rules. So it's more societal rather than something professional or moral. And they're not always in sync with one another. As we'll find when we think about GDPR and such, it may not be always in sync with... These concepts may not always be in sync with one another. So, for example, if we were to take one of these examples, or two, rather, experimental and animal pharmaceutical research, depending on the methods used, it could be regarded as ethical, but to many it may not be regarded as moral. And on the last example, well, same-sex marriage is still illegal in many countries. In fact, homosexuality is still illegal in many countries. But as we saw in the UK before its legalisation, we saw that there was a lot of public support for that. So we see it's sometimes legal. The law may not always be entirely on the side of morality or in all cases. So this is why these things are not so clear-cut. To write it down, why is this related to software development? Because it may seem to you guys that it's going off on a bit of a tangent, but it's now going back to the main topic at hand. So it's related because of accessibility, data collection and storage, any cultural sensitivity in the software that we build, translations, and to this I would say not only linguistic translations, but also localisation of the translation and ensuring it translates well to particular communities what you're translating for. Use generated content and, in more recent years, artificial intelligence. I'm sure you guys can probably think of more examples of how certain questions that come into play as developers, contract law is another example, which is thought of quite often. But I'll tell you, taking all of those things into context, why should we talk about this in relation to web and software development? Well, first and foremost, software is a huge part of virtually everybody's life, whether they believe it or not, in terms of mobile apps, in terms of websites, which, as far as I'm concerned, websites are just no form of software, and any desktop applications they use in professionally or personally or so on. And this is used around the whole world, and we see that users take all of all shape sizes, creeds and nationalities and so on. So it's important to ask certain questions when we are adapting software for new audiences or when we're building it for everybody. And more prominently, recent scandals in the tech sector have shed some light on some ethical questions, particularly around data capturing and security. And with many social network insights, we see problems with mental health awareness or problems with mental health of users. And artificial intelligence and big data is still in the very early stages. Obviously there is AI out there, but it's still pretty rudimentary. We're not yet at the stage where it's really complex, but we probably are at the stage now where we have to start asking questions about where it goes later on. The open source ethos, to me, has more potential than just sharing code and more potential than just being part of a community of developers working on a project collaboratively, which we have seen in the real world. We've seen board games and professional bodies that have an open source ethos. We've seen other sorts of media that have an open source ethos. So, and I think particularly word camps are like the open source ethos brought to life into a physical real world event. So, building software, which all these touches on that, is that now it's more than just writing code and more than just writing good quality code. We actually need to ask about usability and how it adapts to people with different levels of tech literacy and so on. And there is very real dangers of poorly-moderated user-generated content. So, whether within your application the content is, if users upload their own content, as in any social network we have used generic content, but even in terms of comments on blog posts or so on, there's certain questions to be asked about if you completely automate these comments, for example, on, let's take a very large WordPress blog, for example. Do you automate a lot of these comments on these posts or do you have them manually done or is it a mix of the two? So, yeah, in a WordPress blog it may not be as prominent, but particularly in things of social network insides, you find that these questions are much more pertinent. Now, if we were to take the moral and ethical concerns, they fall into four camps mostly. So, accessibility, data collection and tracking and the use of that information. So, not only how you store it and track it, but also how you use it. Is your company selling it to a third party? Is your company using it to deliberately market very specific advertisements to people? And I would go as far as say it's also the methods that you use, you probably need to think about. And any cultural sensitivity. So, if you are marketing, if your website is or application or whatnot is being catered to people not just in the UK or not just in the Anglesphere, you need to think about not only, first of all, about translating the content. First of all, do not assume that everybody using your site knows how to speak or read English, particularly if you are marketing it beyond the UK. And aside from that, also think about not only the translation, but actually how that translates culturally to the market that you're aiming this towards. So maybe you have a different version of a site for particular audiences. And also the moderation of used generated content for obvious reasons. This does raise some questions. Do we, for example, with political content on social networks, do we automate that moderation or do we have it done manually and what are the problems with either? Legal concerns, we know these so I'm not going to go into much. First of all, accessibility. There are laws particularly around public sector websites for accessibility. Data collection, security, user generated content and contract law. Now this, the trolley problem is something in sort of an ethics exercise where essentially the, you're presented with a scenario that a train is on a runway track about to kill five people. But you have the power to pull a lever and send it in the other direction towards one person. So you might be thinking, what has this got to do with code? Now think about it this way. So if you are at a crossroads and deciding what framework to use for something or how to approach a certain problem with features in your sites or if you're looking at how to, or even what sort of development process you use within your company, think how would, what benefits would the pathway taking have compared to going the other way and what potential benefits or shortcomings would that have? So I suppose in terms of full usability, you may find that, suppose you need to deliver a site very quickly and you take certain shortcuts and you deliver the features very quickly, you perhaps use some third party plug-ins to deliver that, but then you find that perhaps it's not been updated in a while. There are certain potential security flaws in there, but then on the other hand, you would need to take much longer time to do that project and it could be much more expense for the client or so on. That's a very basic example. There are others out there around, you could think about translations or accessibility and what may be some questions around that. So I'm going to go through some points on how you could be morally and ethically sound as a tech professional in my view. This is something that, obviously everyone would have their own thoughts on it and everyone would have their own opinions. I've led development teams and when I try to think about, rather than just the code and having good quality, I try and think beyond that, so is it what does it mean for the user and what does it mean in terms of the project as a whole. So when I think about accessibility first and foremost, I don't think about just in terms of building websites for visually and auditory impaired individuals. I also think of this around any language barriers, so translations comes into this if you're marketing towards a non-speaking audience, sorry, English speaking audience. And at different levels of tech literacy, I'm probably quite guilty of this, particularly early on in my career, where I would build an application or a website and because I knew how it worked, I tended to forget that not everybody had the same ability, so I had to go back and rewrite it and make it more simplified. So I think actually trying to emphasise a little bit with as many different users as possible and actually when you're building features, I think, well, will somebody have to go through more steps than necessary to achieve this task, or if you're building a WordPress site for a client in order to make some changes, would they need to do more steps than necessary? And ease of use generally and restriction of access where needed. So it should be easy to use generally, but then you need to make sure that there's adequate restriction of access where necessary. Secondly, I would say use good modern standards in your code and comment wisely. So just a show of hands, how many of us could admit that we've written bad code? And how many of you have written code that you then went back to later on and could not understand it? Yeah. So first of all, for that reason, obviously I learned this as well and if I'm being honest, I'm still guilty of it. I still write code that I later cannot understand or I still write code where I perhaps haven't written it in the best way possible. But I strongly believe writing good code has not only performance benefits, but it also shows consideration for potential colleagues who you're working with. So if you're going to write code, do not assume you're the only person who's going to be working on that because the chances are someone else will at a later time. And I think it shows good consideration to comment adequately. I mean, not huge blocks of comments. There's like a paragraph, but just having it adequately, so it can be picked up by another individual. And where I say modern standards, that's simply building code that can, that is future proof and can be adapted over time. So personally, when we're writing PHP, I try not to use so much procedural and I try to go more down the object-oriented or MVC route if possible. So that's on that matter. And test your code thoroughly. So this is where the sort of ethics comes into it. So all software has bugs. We all know this, all software has bugs. And you'll never be able to eliminate them fully, but you can at least minimise the chance of them causing a huge issue or at least minimise the chance of them popping up. It will always come up at some point because you can't be sure how the user might use your website in a very strange way and they might uncover something you didn't know of. But it's important to test very thoroughly because usually bugs are very harmless and at most they're just a mild inconvenience. But there are cases where they can be much more. In rare cases, they have caused death in certain applications and certain softwares. So the two examples I give here, much older, but these things do still occur. So the NORAD missile detection system, that was, I think it was a US missile detection system during the Cold War and it actually did have an error at some point that was caused by a bug in the coding and it showed that a missile was actually heading for them. So at that time, it came very close to causing a nuclear war. And the only reason it actually did not happen is because one of the lead programmers on that project actually fought back and realised that it's probably just a glitch in the system and then it was proven to be so. So it was averted. But that could have very easily gone wrong. Now, a case where it did go wrong, in a Ferrac 25, I believe this, is a radiation therapy for cancer treatments in the 80s. So essentially the software that would create a dose for those patients had a bug in it and it meant that many patients would get in up to 100 times the recommended dose. And there were at least three deaths because of that. Obviously in the medical sector, the software is probably a lot more likely to cause problems. But if you take it in terms of a domino effect, maybe your software, if it's not correctly tested for key things, it could have a domino effect and cause problems later on. So it's important to ask these things about when you're, even when you're building a WordPress site, I'd say you go, if this, is there sensitive data on here? If some bug led to it being breached, what could be the potential fallout of that? And following on from that, think of security concerns in your coding. So think as any potential hacker would. The first one, you'd be surprised how many times that does happen. If you're putting your code on GitHub or any Git repo, even if it's under a private repo, don't store passwords within, say, your WPconfig file or within, say, a Laravel project within the .env file. Because even if it's under a private repo, that could be passed on at a later time. So if you do have those files in there, I'd say any sensitive code within those files, replace it with placeholders and say on your production site, run a script to replace that with the real values. Also, if your application stores user data, I admit this until recently, this is something I wasn't always doing, but if it stores user data, when working in a development environment, I would say don't use real data. Use test or dummy data if necessary. So if that means on your development site, you have a test WordPress user accounts and test user data or so on, then so be it. It can be replaced in production. But obviously you don't know where that data could end up, particularly if it's sensitive. Test for security exploits. If the budget allows, hire a specialist and pen test it. Obviously not all teams would have the budget for that, and if not, then just test as thoroughly as possible. I touch on this area, so write your code as though you're writing it for somebody else to read, because the chances are someone else will read it and have to work on it at some point. I can think of the number of times where I've been working on a small plug-in or so on, and I assume no, I'll be the only person who ever works on this. I don't need to take these things into consideration, and then I trip myself up by not knowing what I wrote when I go back to it at a later stage, or then somebody else takes on that code later on and they have trouble understanding it. So I'll say always write with the assumption that somebody else is going to be reading it. Just to be ethical with your colleagues, I would argue, and even if you're the sole developer on a project, it's likely you will not be at some point, particularly if that project has a long life. At some point, you will not be the only developer on that project. Keep up the state with the latest technologies. Now, this is important for several reasons. First of all, for your own development, and just to keep yourself ahead of the curve, and primarily also to make sure you're building the best possible websites for your clients, and to make sure you're not using potentially outdated methods, which could also be insecure methods. And if you're thinking of it just selfishly, it is also for yourself and to add more skills to your belt. So I know it's very easy for a lot of developers to get stuck in, say, working with one particular framework or working with one particular CMS. But I do think there's a lot to learn from other communities, and there's a lot to learn from other areas of web development. And then to all new members of the community. So, again, there is a slightly self-serving thing to this, I think. Obviously, it's good to help new members of the community to learn from yourself if you're a more senior developer and to actually learn from each other if you're not more senior. And personally, I find that when I'm mentoring less experienced developers, I find it actually helps me to be a better developer. And it actually helps me to notice the shortcomings in my own skill set. So it's good, obviously, to make sure that we have more skilled professionals in the workforce in the future in, say, a few years' time and to make sure that they're equipped to help each other and equipped to build on their own experience and keep us having a steady stream of people entering the profession. And also, it does help to help yourself, at least in my experience, it helps me to mentor people. Embrace open source. So even if you're not contributing code, there's many ways you can contribute to open source. You can do testing. You can perhaps, if you're a designer, you could be designing some assets for these open source projects or giving a talk at a conference or so on. So I think it's important to contribute to open source because I believe with open source, the more you put in, the more you get out of it. So if you're contributing code, for example, to WordPress, then you make sure that you're getting a better product back and the more people that actually contribute to something, the greater it can be over time. This is, I think, the same reason why the Linux operating system works so well because it's been over many, many years. Many people have contributed to it but are giving up their time to do that, and then they get a better product back. And the same with what's been done with WordPress. Many contributions have been put in and it's like an investment of your own time, so then you get something better back. And one of the second to last point, I'll say, is don't be afraid to term down projects that you have objections to. So these objections could be political, cultural, moral, it could be around the company's reputation, or it could be objections to particular industries. I think if a budget is permitting, or if, obviously, we all do need to pay the bills so I can understand why people would take on any projects, if you're in a position to, I would argue to ask some questions about would I take on this project and what could it mean for myself or my company in the long run if this project, well, if we took this on. My general way of thinking is I ask myself, is this a project that I would be comfortable admitting to on my portfolio? Or would I be comfortable actually telling anybody that I'm working on this? I, for example, for myself, I tend to avoid stuff that's too politically charged. That's, and I tend to avoid, like, the gambling sector and anything that's too politically charged, because, but other than that, there's not really many projects I wouldn't do so long as I think the company is reputationally sound. And so I'd argue to look at your own moral framework and don't feel you need to sell out your own values just to make some money on a project. And follow your gut instinct, lastly. So ask yourself if it sits right, if the project sits right with you before accepting it. Pardon me. Before making a technical decision, ask whether any users, clients, colleagues, or anybody else you can think of would be unfairly disadvantaged by this or would be put out by this in some way. And no potential moral or ethical issues around the software is too small to consider, particularly now where software is such a huge part of everybody's life and it intertwines in every aspect of our day-to-day lives. So I don't think any moral or ethical concern is too small to think about. It may seem very trivial, but then as we find often with applications and software, a lot of them have caused some very large social changes. And at the time when they were built, these things probably would not have been thought about. But it's important to think about perhaps if you, I would argue even if you write the code in a certain way, what could that mean for performance? What could it mean for adoption? Or what could it mean for passing that feature across and how it's delivered? So my last point is thank you and let's all try and make the internet and our profession a better place. That was wonderful, Chris. And also I feel like it's very timely with AI about to take over all of our lives. Folks, have we got any questions for Chris at all? Questions, questions, questions. Okay, I'll kick off then. In your experience, what's the biggest moral or ethical issue you've had to deal with in your career, I guess? In my career, it's been mainly around data capture. And perhaps clients want into farm a lot of data on users and their browsing habits. Often they say it's for marketing, but it seems like it's kind of unnecessarily wanting to. So the way I came across that is just, I think this was before GDPR, but I simply had a frank conversation with the client and asked, well, why do you exactly need to know what they're browsing when they're on your site, say tomorrow, or why do you need to know that? And once you have a frank conversation with them, I think they realised that a lot of the stuff they wanted to collect on users, they probably wouldn't really have much use for it. And it would just be a bit creepy, to be honest. I would say that's probably the biggest moral thing I've had. The other has been around looking at competitors' sites and trying to see what we could copy from that. Thanks a lot of senses. Have we got any other questions at all? One right here. That was very interesting, thank you. Do you have any view on the kind of sentiment that sometimes expressed, I think it came from Zuckerberg, of kind of move fast and break things? Oh, sorry, can you repeat that? Do you have any view on the ethics of the sentiment, development sentiment of move fast and break things? Yeah. In development, I think that's fine. It's, I mean, obviously in a development environment, that's totally fine. That's why we have development environment, so we can break it apart and actually not worry about the implications of it. However, on the other side of that, I think my concerns are rushing software, which has been something I've had to push back a lot with some clients and stakeholders that is particularly from maybe non-techy staff who are making decisions, there's often an urgency to push this stuff into production, which I think is quite dangerous because it could be stuff that's not been well-fought out, it could be stuff that causes problems elsewhere. And my thoughts on it, in development, it's fine to do it fast and break things, but when you're actually pushing things to production, I think no application is too small to have a proper development process that goes from dev to staging and then live. Any other questions, folks? With the emphasis these days on environmental issues, obviously the internet and server farms and all the client devices consume a huge amount of power, what are your thoughts on that and do you have any suggestions for what we as developers can do to make our sites more efficient, use less power both on the server, in delivery and on client devices? Sure, so I think first of all, is if you're looking at the code specifically, have code that's actually efficient and does more in less, so that's partly why I stay away from procedural programming, I try and go class-based and MVC, so obviously you get the performance benefit from that, but it also means the server is using less resources, which means less power. On one server, it could be quite a minimal saving in power, but if every site was built in that way, it would mean less resources being used on a server farm. Aside from that, I would say if one is able to, then perhaps move the site or software to one of the green hosting companies that are becoming, it's just quite a growing industry now. Any more questions? Okay, I think that's it. Good stuff, so that was a wonderful talk. Please give Chris a wonderful round of applause.