I recently attended a training that Kevin Kempter hosted. It was a really great two night session aimed at experienced DBAs/Developers so that they could learn PostgreSQL. Kevin has a lot of experience with postgres and wanted to help share that experience with other folks. He's finding a growing need for PgSQL developers in the Denver area and wants to build up a user group and network here so that companies deciding whether to use PostgreSQL or not will see an available local talent pool here in Colorado.

The other day I broached the idea of a security bounty in the Drupal project. I had first heard about this concept from the Mozilla Foundation's Security Bug Bounty which appears to be the most famous of these.

Why Security Bug Bounty's are a good idea

This is pretty simple:

1. It provides at least some motivation for folks to actually look at the code and find security bugs making the software more secure.
2. More folks looking at the code is always a good thing.
3. Just the concept and the existence of the program reminds people that we take security seriously, and informs them of the proper way to report a bug.
4. In the case of the Drupal Association - which can't make decisions about the code based about the statutes (en pdf) (more formats/languages).

Generalized Security Bug Bounty System

This concept seems to me like it could be generalized for any software project. Here are the rules I came up with, based upon the Mozilla foundation's rules.

<

ul>

OpenOffice.org in my life

I just wrote in an email

Alternatively I believe that Excel has a csv import wizard, but I forget how to get it working (I haven't used Excel in over a year).

So, privacy. That's kinda an important thing right now. As we go around the internets we leave all sorts of information about ourselves online. That information is valuable. No, I mean really valuable. Even if you don't submit your personal information (like name, or address) to a website you are still leaving providing private information just by visiting a site. Don't believe me? Look at this press release from hitwise about real estate. Notice anything? Like how visits to real estate sites are a leading indicator of home purchasing behavior. Yeah, your visits to sites, or "clickstream" is a predictor of what you think about and what you are planning to do. Looking for a house - you visit a real estate site. Looking for a new job - you visit a job site. Looking for...you get it. Your clickstream is a mirror of you - even without personal information associated with it.

Big Evil Google

What is the company that concerns you most when it comes to privacy? It's GOOGLE right? Man, their search is so good. Their search is good and their information awareness is so strong and not only do they have my clickstream (cause I only find sites through their site and they know what I click) now they also have my email, spreadsheets & text documents, blog, photos, credit cards & address - shoot, they have everything too. Organized. Segmented. Cross referenced. Searchable. Um, yikes.

Privacy of your clickstream

So, not many people understand programming. Here's a funny/interesting way to describe programming in terms of cooking. I like it.

Similarly, I once heard an analogy about asking a software engineer to build a bridge from San Francisco to Hawaii. A software engineer would say "no problem" and then do:


while (notInHawaii) {
buildbridge();
}


Got your morning coffee? Good - now watch this:

So, when I saw the iPhone I got all excited and wanted to have one. Then I learned it would be locked down to Cingular's network. That won't work. I'm going to Argentina/Chile/Uruguay for about a year leaving in September of this year. So, if I get a new phone it had better work in Argentina.