Archive for the ‘Open Source’ Category

Codeathon Bounties

Wednesday, September 12th, 2012

A compelling case study: At Bay Area Drupal last year, I met Sean Larkin of ThinkShout who reported his work for a Drupal Distribution, Watershed Now, which he made for a group of nonprofits. To develop the program, $16,000 was needed. Whereas nonprofits are often cash-strapped, especially in the current economy, by pooling resources, they were able to develop software that none of them could afford individually, and each nonprofit received a $20,000 Drupal product for a fraction. In addition to the cost savings to a larger group of users, Sean noted that by coordinating necessary specs between the users, he ended up with a much more complete product description than working with a single customer. As a result, the end product was more widely useful to a larger group of nonprofits than it would have been if it were built solely on the wishlist of a single user. This particular case is a win for the Free Open Source Software movement because it provides a generalized model for cost-effective collaboration for nonprofit organizations.

I want to explore this scenario further to illustrate how it could work in a codeathon. Representatives of the nonprofits can proactively form a consortium which will create specs RFP-style and release them as a project with a bounty. At the codeathon event itself, programmers will write the code and test the software. At the end of the process, the representatives of the NPOs will review the demos and act as a jury who award the bounty. It is preferable if the programmers coordinate their efforts–we don’t want multiple versions of the same basic code–but in some cases, the same tool can be created in different programming languages or for alternative platforms. The jury will reward the tool which best suits their needs. Despite the judging, the codeathon is not about competition, rather its purpose is to create the best and most utilitarian Free Open Source Software. The codeathon is at heart a collaborative process which encourages organizations to pool resources effectively and to develop more widely applicable specs and products.

The panel could include more than representatives of the NPOs—for instance, design experts. What are your thoughts about a jury panel for a codeathon? How can the bounty process be made more collaborative?  Please share them below in the comments.


Lazy trumps all – for the supporters of SOPA and PIPA

Wednesday, January 18th, 2012

One of my favorite quotes from Hunter Ellinger is: “Necessity may be the mother of invention, but laziness is the father.”  (I don’t know if he said it first, but that’s where I heard it first.)

I find that quote to be accurate in so many ways.

I look for how to get the most leverage and the quickest win. The normal arguments about doing the “right thing,” unfortunately, don’t always apply. It doesn’t help that the industry itself isn’t really trusted or viewed as doing the “right thing.”

So in regards to SOPA and PIPA – we have to ask: “what are the real goals here?”

If the REAL goal is to sponsor the artists and make their lives sustainable, then we need to take advantage of people’s laziness.  Set up something like iTunes appstore for individual artists and give them a fair cut.

Or perhaps we should better pursue something like YouTube’s commodification for popular creators/posters.  If you have a popular enough channel, you can actually make a living off of it.  But then, YouTube actually understands the Long Tail in regards to content creation.

Another option would be something like a donation jar like the website which allows you to give micropayments to content creators and bloggers.

I also like the idea of microdonations for nonprofits.  But again, make it easy…  Appstore purchases are only a password away!

Also don’t force me to “steal” to enjoy something I have already purchased.

RIAA and MPAA need to start looking towards more convenient purchase models like iTunes and Paypal.  (Though Paypal could be a lot easier IMHO.)  It is so easy for me to do “the right thing” on iTunes.  Imagine instead that more artists saw direct profits like developers do on the appstore…  How would that change many peoples’ purchasing habits?

I also hope and dream that someday Facebook will realize the amazing monetization that could occur if they looked at things a little more like YouTube and realized that we are not the content to be sold to advertisers but instead are the artists that could be supported by our friends.


You’re doing it wrong!

Wednesday, March 3rd, 2010

“You’re doing it wrong,” I believe, is one of the most counterproductive statements a person can make.

First of all – that statement gets little accomplished. Typically it makes the person that is “doing it wrong” dig deeper to defend their work. Why – well they are WORKING, CREATING, ACCOMPLISHING. Something is vested and so therefore I must defend that time and effort on my part that I have vested. It is a natural and somewhat justifiable human response.

And to be honest, “You’re doing it wrong” is typically an inaccurate statement. Instead it should be “I think that you are not creating what I think I want.” Or perhaps instead “you are not doing what I would do.” And sometimes “you are not doing what 99% of the rest of the world would do.” That doesn’t actually make it wrong… I mean Feynman talks about science being that constant challenging of norms and experimentation. When is something actually 100% wrong?

I strive in life to be the person that helps people figure out that, instead of them both fighting over the orange, one person wants the peel while the other needs the juice.

So I am working on this citability codeathon.  It is interesting to me that many view me as dictating a standard that is incompatible with whatever they are doing and therefore my project must be competition.  This reminds me when I was at the National NonProfit Congress and I had to facilitate a discussion between two Nonprofits that were angry that the other was “stealing their poor people.”  I view this as losing sight of the cause or the reason we do what we do.

Our mutual goal is to make data citable and therefore more accessible to the people.  There are many paths there.

For the codeathon, I have several groups that will be attending.  At first glance, it might seem we are at odds.  For example everyone assumes that Joe Carmel’s must conflict w Citability.  He and I talked for several hours.  They don’t.  Actually citability may make his job easier.  We both know we could never get all the govt sites to adopt citability and that makes his tool quite necessary.

Also the Coins and URN:LEX crowd, those data markup standards can easily be added to the citability markups. URN:LEX isn’t for everyone since it must be created and maintained by a governmental body but there is no reason why we can’t add a special parser to citability to add those fields when they are available. Same with the semantic web. Citability only requires 3 things: A unique location, date/timestamp and granularity. There is so much more to be added. When it was created, we KNEW it wasn’t perfect.

I suppose when you start a project from a point of view where you know what you are doing is not the complete answer, it makes it easier to see adaptive solutions.

I consider what we are doing with citability to be a baby step.  I don’t consider it to be right and other ways wrong.  I typically find that if we can sit down and talk there are easily ways to make things interoperable.  I believe that citability is right for a small part of what we are trying to accomplish.  I don’t think it is perfect.  Far from it.  I think eventually we will have some fascinating structures to build folksonomies, taxonomies and ontologies on top of this esp where we can specialize for different documents etc.

I know that Tim Berners-Lee is doing a huge project in the UK with Linkeddata.  I think that is awesome.  But I’m not sure about that project being available for the City of Austin anytime soon.  I am working within some very limited constraints.  I really want him to succeed. It would make many things easier if he does.  But this doesn’t mean I stop doing what I am trying to do.  It doesn’t mean our way of doing things is wrong. Life is evolution.  We use HTML 5 and XML now :-)

But for now, I am trying to do what I believe is right for now.  Doesn’t mean I think what you are doing is wrong.  Just maybe wrong for me.  But there are so few of us creating in this space… I find it sad to argue over someone stealing their poor people…  Instead, let’s talk and see if maybe you just want juice while I am eying that orange peel.  And yes you are INVITED to the codeathon to work on your project as well just make sure it is Open Source :-)


nifty video about presenters at OSCON

Monday, August 10th, 2009

I love Gregg Pollack’s use of Viddler where he has put links for all the presenters he managed to wrangle at OSCON09.


FOSS can lead to more secure software for Government

Monday, July 20th, 2009

Security issues with…

1) Open Source (community created) – Open Source Communities don’t always focus on risk analysis.  This is a paper tiger since typically FOSS programmers are not paid to care about security as top priority.  If compensated properly, they can and will implement proper security procedures.  I do not know anyone that views this as “FUN” programming.  However the source code can be viewed and therefore fixes can be made by anyone that is paid to do so.

2) Proprietary – Typically proprietary software results in a single point of failure in regard to code being fixed.  That singular point of failure is the vendor.  All the insane governmental contracting regulations are created to try and prevent that vendor based failure from happening.  Much of this is CYA dumping on the vendor in the attempt to create an equitable relationship.  Often times this also results in software being unreasonably expensive.  These CYA attempts are a smoke screen however because you never really know if the software is secure without the visible code and all its inner workings.

3) Homegrown – If done in house, you have the ability to see all code and do proper vetting procedures.  But hiring upper echelon programmers is difficult.  The vetting process is one that most programmers are not typically willing to go through just because of basic creative personality characteristics.  A top programmer can make more money with less hassle in the business sector.

So I suggest a melding of all three.  If you can’t see the code is it ever going to be truly secure?  Instead have internal teams focus on proper security vetting.  Create good release procedures about security information and adding back working fixes to the FOSS community.  And if necessary (typically I see this as a failure of timing) do not release security information until internal teams have created a fix that is ready for the public.  Also use those third party outsiders to do security testing of the FOSS products.  It doesn’t matter if their source is open or not.  They just have to inform you of the vulnerabilities they have found.

I think Government could perform an amazing community service that is a win/win solution for the public by focusing purely on the Customization and Security of FOSS projects with their internal teams. This way they can be suitably vigorous without significantly increasing the barrier of entry to contractors and FOSS communities. And they could save money by not having such convoluted contracting procedures.

Also, proprietary companies can help with security processes of risk analysis and risk management and can help supply warranties. After all why would anyone undertake risk without compensation? Otherwise it is an inequitable relationship that cannot be trusted.

Let us not forget the change management aspect of adopting a new methodology.  Working with open source code AND open source COMMUNITIES is going to require some serious change management for current government employees.  There is a HUGE cultural break because so much in resources is currently used for CYA. We have to retrain them in regards to open processes.

Also recognize with being so integrated with FOSS there may come a time for the project to fork because of security issues.  This is extremely difficult and political and must be managed properly.  This will require serious training in typical FOSS community culture and processes.  For example govt employees should understand the basic stages of FOSS development and the different risks that each stage poses.

We also need to prep FOSS vendors on how to integrate with government processes as well.  There is a middle ground here.  We need to define it for the barriers to be broken down successfully.  We have to be ready to help gently educate them as well (instead of being self absorbed self righteous a$$#&& – you know who you are…)

You can see from the need for security, risk analysis, risk management, and change management that FOSS does not reduce costs.  But it can result in better software for the money spent with less flamboyant failures that seem inherent to the current high risk bidding procedures in government.

Some good reference materials:


How to save the world in 3 easy steps

Tuesday, June 30th, 2009

This is the 10 year plan I created in 2004

1) transparent govt
2) transparent business
3) introduce checks and balances in behavior and create legal constructs when social norms fail

I started on all this because I am “Silona Bonewald” the only one in the world and I am a database geek. So I realized with the nature of things as they become electronic – privacy thru obscurity is gone. We needed a new (might I say better) type of checks and balances. And decided to start making govt and businesses more transparent.

When I started I didn’t talk much about business – everyone thought I was crazy enough in regards to govt. But now with the crash and such… I am not looking as crazy.

This is why I do allllll the crazy projects I do…
this is my theme!


quantifying evil

Saturday, April 4th, 2009

Can you quantify evil or corruption?  is it an absolute number?  can it be a singular metric?

ummm no it can’t

we all have different values and perspectives.

What we might be able to do is quantify based on information given the chance or percentage you might think something or someone is corrupt or evil.

But really… this all comes down to time and transparency. If we give all the information and if you have the time/intellect does our stuff seem right to you?

or you could trust “experts” and perhaps also be “corrupted” by influence…

The reality of that transparency without “expertise” is actually useless and a form of overload.  For it to be useful, it must be interpreted… that means bias.  I prefer to know where my bias comes from.  I trust in bias :-)

I find it interesting in so many groups currently the end goal is transparency. And for me transparency is simply a necessary description of a process. I do not find it to be good or evil simply necessary.

Why I decided to do Open Source code was not a question of morality.  It is a practical question.  If you want me to trust your code, I want to see it.  I want to know I have the ability to fix your mistake (even if honestly I might not be smart enough.)

The other business models out there are not “evil.”  They are what they are.  I just think with today’s online toolset and ability to crowdsource; they are outdated.  They require a different kind of trust.  That trust is “I paid you money I expect your software to work. ”  There is no evil there.  There is no evil in bartering.  You can walk away from a deal.  You can choose not to use a product.

evil I believe lies in purposeful deception…  and then um yea…


Microsoft’s outdated business model and how they can redeem themselves

Tuesday, March 31st, 2009

So I was talking the other day to Mark Hindsbo, the GM of Evangelists at Microsoft. He basically wanted to talk about healing rifts with the OpenSource community. I was a bit blunt and brutal (but in a gentle way :-))

I said it is impossible for the OSS or FOSS communities to ever believe MS. I said the OSS shouldn’t and that MS should quit trying. The MS business model is broken in regards to OSS. The only way to change that trust is to change the business model.

The way to do that is focus on services. But maybe not services the way the FOSS community does…

I said if MS wants redemption it should look to the clouds…

hehehe or “the cloud.” One thing MS has always respected is the autonomy of its business clients and developers. I mean that is the point for such products as Small Business Server. Business clients are responsible for their own data and can act autonomously. This is NOT a stretch for people to believe in when it comes to MS’s reputation.

With the cloud’s current state, Data/autonomy is being taken away from people and businesses. Years ago I registered the URL when I realized this was happening.  Though understand,  I have a gmail address. I am as guilty as the rest. But, at least I understand the tradeoff of convenience to secrecy.

So what can MS do? instead of Open Source… they should give people back their data. On MS cloud, Azure, they should do it right. Charge for services. Encrypt the data so the Feds can’t raid MS to get YOUR company/ind data.

and here is the BIGGIE


Let people SEE the data that can be gathered and decide if they want to SELL it back to you for “free” services. This will KILL google. When people realize the scary psychometric data being gathered and presented back to them ESP companies… I think they will find it worthwhile to pay for services.

I mean most companies don’t even realize that they void NDAs when using gmail addresses. Make that transparent to them. Create accountability.
This isn’t just about security… it is about another form of transparency and that is about data.

People as a whole don’t care about code… they care about themselves and their data is a reflection of that.

yea… sometimes I’m evil. But they loved me at the Microsoft VIP party at SXSW.

At the very least we will be able to check the anonymizing functions the data is being put through… and make up our own minds as to what monolith to support.

Personally this gal with a libertarian bent likes it better when the monoliths are fighting it out.