What Else May be Hidden in Open Source Software?

Editor’s Note: The apparently trivial issue discussed below raises the serious question of what hidden security threats may be buried in “open” source software.

From: Network World

Microsoft code contains the phrase ‘big boobs’ … Yes, really

UPDATED: If you thought we might be beyond this stuff by now, think again

Some chucklehead working for Microsoft thought it would be funny to slip a thinly camouflaged sexist remark — “big boobs” — into software code that connects the Linux kernel to Microsoft’s HyperV virtualization product.

Naturally, someone noticed — that was the intent (snicker, snicker) – and, as should surprise no one, criticism has ensued, since the vast majority of grownups have come to recognize that this kind of juvenile nonsense has no place in the business world.

And, just as predictably, there are critics of the critics — apologists and enablers for this chucklehead and others like him — who insist on defending the non-existent right to be just a little bit sexist, even at work, as long as it’s just a little bit and as long as not too many people notice or are offended. Lighten up, you nags, is the operative message from these folks.

Yes, still, in the year 2012.

Yesterday I asked Microsoft for comment and a public relations representative said she would seek one. (Update: It arrived 45 minutes after this posted and reads: “We thank the community for reporting this issue and apologize for the offensive string. We have submitted a patch to fix this issue and the change will be published in a future release of the kernel.”) Here are the particulars of what happened.

Linux developer Matthew Garrett writes on his blog:

Paolo Bonzini noticed something a little awkward in the Linux kernel support code for Microsoft’s HyperV virtualisation environment – specifically, that the magic constant passed through to the hypervisor was “0xB16B00B5”, or, in English, “BIG BOOBS”. It turns out that this isn’t an exception – when the code was originally submitted it also contained “0x0B00B135”. That one got removed when the Xen support code was ripped out.

At the most basic level it’s just straightforward childish humour, and the use of vaguely-English strings in magic hex constants is hardly uncommon. But it’s also specifically male childish humour. Puerile sniggering at breasts contributes to the continuing impression that software development is a boys club where girls aren’t welcome.

Piffle, harrumph the apologists, a number of whom contributed their tired rationalizations – “even my wife thinks it’s funny” – in the comments on Garrett’s post. And then there’s this full-throated rebuke of Garrett by Sam Varghese writing at ITWire:

Of course, this assumes that everyone in the world is reading kernel code while they have their eggs and bacon (or whatever it is people have breakfast in different areas of the world) and being shocked at the use of such expressions in the code.

The words “f***”, “shit”, and “bastard” have been increasingly present in the kernel code since the 2.4 release. That, however, has never bothered Garrett.

But a juvenile use of hex? That’s reason to raise the Titanic.

By reacting to such nonsense – and the code does not come from any Linux kernel developer, it is all from a Microsoft developer – Garrett has trivialised a cause that requires, perhaps, a little more than boy scout behaviour to be tackled.

Go ahead and count the red herrings in that passage; there’s an entire school swimming around in there. The heartening news is that Varghese is getting an earful from his readers who do not agree with him; here’s my favorite offered by Mairin Duffy:

As in so last century old.

Everyone, of course, is entitled to their own opinion as to whether this particular “joke” was offensive, and, if so, whether it’s worthy of criticism. Offensiveness is largely in the eye of the beholder.

What you’re not entitled to is your own opinion as to the state of today’s workplace laws, rules and general expectations, both those of employers and most employees. These matters have settled into the realm of fact, not opinion (as a Boston radio personality is fond of saying). You cannot use sexist phrases like “big boobs” even in obscure corners of the workplace; even in obscure corners of software code. You can’t do it without risking being called out, at the very least, if not officially censured … or worse. You can’t do it without also exposing your employer to risk. You can’t do it without offending people. And you can’t do it without making yourself look like, at best … oh, let’s go there, a boob.

You just can’t do it.

Again, this isn’t an opinion; it’s a factual characterization of the 2012 state of affairs as they exist in this country. And, moreover, this didn’t just happen; this state of affairs has been a bedrock fact for years now. That some still chafe at it, that some find it stifling, prudish, politically correct — and wish it were not so – these, too, are facts, as we’re reminded every time one of these workplace flaps pops up like a summertime thunderstorm.

The chafers are going to chafe – that much is their right — but their kicking and fussing at the likes of Garrett amount to just so much noise, nothing more, because there’s no meaningful debate about these issues anymore. The debate ended a long time ago.

Now there remains only a need for the holdouts – like Mr. Big Boobs — to change their behavior.

Care to argue otherwise? OK, find me a single corporate legal counsel, a single human resources professional, or a single high-level executive – man or woman – who will attach their name and reputation to the view that it’s OK for a software developer to slip “big boobs” into code that carries their company’s name.

Good luck.

 


2 responses to “What Else May be Hidden in Open Source Software?”

  1. Aleks Shamles says:

    As far as I understand, open source platforms are ideal for developing apps and websites on their basis. At least that’s what I understood from reading about magento. When it comes to apps and plugins, there are a lot of great options on https://amasty.com/automatic-related-products-for-magento-2.html. These plugins are developed by Amasty and I’m confident in their quality.

  2. MaksimMB says:

    Good day to all! Do you have a business in logistics or a large firm with banking or any other firm that needs to increase their sales and fast promotion? I have a great offer for you. This service will be able to provide you with real professionals who can bring your company to a high level of sales in a short period of time and will provide excellent marketing!

    Click here: https://mobilunity-bpo.com/inbound-outbound-marketing-services/
