Asymptomatic

On Sunday, I drove to Harrisburg to meet up with Ryan Duff at the Central Pennsylvania Open Source Convention. This was their first event, covering all sorts of interesting Open Source topics.

Of the six sessions I attended - a packed day - only two were really not of too much interest to me. That's a pretty good ratio in general, and I suppose that had I chosen to go to other sessions during those time slots instead, I would have had more interest.

The open source virtualization session was good, although I had learned a lot of that information already from a similar session at OLF. Still, there was much better coverage of history and hands-on console configuration of client domains. It would be nice to see someone set up a Xen host and dom0 fully....

It was bound to happen to Habari eventually, right? And in the dark recesses of my mind, I'm happy for two reasons. First because at last we merit inspection by "security consultants". Second because we are staffed well enough to have addressed the issue within a reasonable amount of time. But some questions have arisen about how to handle security announcements, and there are distinct sides on the issues.

Spinning out of Control

People are going to publish security notices about your software whether you want them to or not. Sometimes there is altruism at work - people want others to know that something is unsafe. Sometimes it's open malice - people sharing secrets of how to exploit software for their own malicious uses. In either case, as a software author, you can't control what people say about you, and specifically what exploits in your software they expose to the world. So in the end, security exploits result in more spin control than controlling the information.

Obviously, the most powerful thing you can do to spin the news in your favor is to provide an immediate release that addresses the issue. This may be harder to do with smaller teams, since you have so many fronts on which you fight: New features, documentation, support, bug-fixing, and now security-notice tracking. An advantage with open source teams is in the speed with which you can address the issue quickly and reliably, since there can be many people working at once....

Alex and I have been going back and forth in comments over the areas of our interest that overlap. In his recent post, he asks, "how long can organic communities self-moderate?"

I admit that I haven't read the Starfish and the Spider, although I did just one-click it into my Kindle, so it's doomed to suffer my analysis. Nevertheless, I had some comments about how leaderless organizations can thrive, particularly in open source communities, of which I happen to be a part of a couple.

Obviously, one of my passions is working with Habari and the people that have come together around that common goal. When we started, there were just four of us, each with various levels of ability and availability. I think you can pretty well call that "leaderless", since we all worked in tandem, and any small change any one person made was easily detected and reviewed by the other three. But as the project has grown, I think there is some kind of tragic irony in that the size of the operation inevitably leads toward a need for at least an informal management structure....

One application that I look for every so often is a screen measuring application. Developing on the web, I often find myself in need of being able to measure how big something on the screen is in pixels. It's strange that I have not yet found anything that truly suits my needs and workflow.

What I usually end up doing is taking a screenshot of the screen and opening it in Irfanview to measure it. This isn't exactly efficient.

What I would really like is something that sits on true simply in the system tray, and activates only upon pressing a specific hotkey. When I push the hotkey, only then would it take a screenshot of the screen and display it for me, whereupon I could use some measuring tools on it....

When I looked at my GoDaddy account last night, I was sure I've been on crack for the past year - 39 domains. And those are just the ones at GoDaddy. Surely there must be some projects I'm "working on" that people don't know about. Let's see what I can share.

Before I go on let me say this: Will someone please redesign GoDaddy's site? kthxbye

I've got a couple of domains for the kids. I've been trying to convince them to start a little video project, reviewing movies. I thought that a low-impact introduction to the web with a movie review site would be interesting to them. They could watch a movie and tell the camera what they think. Getting them into the idea hasn't been successful yet. I did get Abby to make a video about the cats that I have not yet put online. Whether this is something that you could do (or want to watch) regularly, I can't say. That's two domains....