Posts tagged Open Source

Social Accountability

Two services that we use at Resgrid a lot, UserVoice and Rollbar, don’t have Cordova plugins. Every couple of months I would cruise the Internet to see if there were plugins for those services. Every time I turned up empty-handed and left the cycle to repeat.

After thinking about it again, I decided that this isn’t the type of company I want Resgrid to be. See a hole, fill that hole. So I started working on 2 Cordova plugins, one for UserVoice and the other for Rollbar. But prioritizing work on them was difficult, so I decided to push them out to GitHub and see if some social accountability would help motivate me. Within a week we got our first PR.

The result: it did. That first PR, where someone took the time to clean up some code and fix some issues, forced me to dedicate some time to getting the plugin working.

Being socially accountable is far more than just publishing code on GitHub or Bitbucket. When you communicate your goals to other people, tell your friends what you hope to accomplish, or share your plans every morning during your stand-up, you’re practicing social accountability.

But social accountability can be a curse. A while ago I watched a talk given by Jacob Thornton at the dotJS conf in 2012 about the history of OSS and why he feels bad. If you haven’t watched it, it’s a good watch; note that there is some NSFW language in the talk.

You can spend a lot of your time working on a side project just because it got some stars, PRs or open issues. Even for small projects I’ve seen this stress people out. A coworker of mine released some controls as open source and got a ton of issues back from people using them. Most of them didn’t try to fix the problems and submit a PR or patch; instead they just logged an issue.

Because of this or other factors, maybe you don’t want to practice social accountability via Open Source, or maybe you can’t due to IP or the private nature of the code. But there are plenty of other avenues: treat your daily standup as an accountability session, or have a channel on your Slack instance dedicated to accountability where you post your daily goals after DSU.

Accountability is a powerful thing, but it can be a drag on you as well. Just like everything it has pros and cons, but I feel that people don’t practice it enough. When social accountability is used well it will help you focus, raise visibility and showcase your accomplishments.

Check out Resgrid’s 2 new OSS projects, our Cordova Rollbar plugin (https://github.com/Resgrid/cordova-plugins-rollbar) and our UserVoice Cordova plugin (https://github.com/Resgrid/cordova-plugins-uservoice), and hold us accountable.

Resgrid is a SaaS product utilizing Microsoft Azure, providing logistics, management and communication tools to first responder organizations like volunteer fire departments, career fire departments, EMS, search and rescue, CERT, public safety, disaster relief organizations, etc. It was founded in late 2012 by myself and Jason Jarrett (staxmanade).

Open Source is not inherently more secure

If you’re not following the Heartbleed issue, it’s an amazing issue that affects a large portion of the Internet’s secure traffic. The gist is that a change committed to the main codebase at the end of 2011 allows an attacker access to the memory of the server. Any secure connection utilizing the OpenSSL project could be affected, from your email and your private computer systems to your bank. Almost every major company has been affected in one way or another.

The OpenSSL project is a pillar of Open Source Software and is utilized by almost everyone. Mashable has a great list of companies/services where you should immediately change your password. I believe that it’s been known for some time that there is nothing about OSS that makes it more secure than closed source, but somehow the myth is still out there.

It is true that because the source is available for anyone to see, anyone can catch and fix bugs or security issues. But what a lot of people miss is that there has to be a motivating factor for people to do so. Just because the source is out there doesn’t mean that it will happen.

Additionally, the people maintaining or responsible for the project often have little motivation to spend more time on finding these issues. In the case of Heartbleed the code was reviewed before it was accepted: someone looked at the code that would, 2 years later, send the Internet into a frenzy and accepted it as good.
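How little separates the accepted code from a safe version can be seen in a simplified model of a heartbeat echo handler. This is an added example, not OpenSSL's code and not from the original post; the function names, the constructed sample record and the 64-byte region standing in for server memory are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Simplified heartbeat request (RFC 6520 layout): 1-byte type, 2-byte
 * big-endian payload length, payload, at least 16 bytes of padding.
 * Names and the sample record are constructed for illustration. */
#define HB_HEADER  3u
#define HB_PADDING 16u

/* Flawed pattern: trusts the sender's length field, ignores rec_len. */
size_t hb_echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    (void)rec_len;                         /* the missing check */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) return 0;
    memcpy(out, rec + HB_HEADER, claimed); /* can read past the record */
    return claimed;
}

/* Hardened pattern: discard records too short for header + payload + padding. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER - HB_PADDING || claimed > out_cap)
        return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed sample: a 20-byte record (payload "A") claiming 40 bytes,
 * placed in a 64-byte region beside unrelated 'S' bytes. */
size_t hb_demo(int checked, uint8_t *out, size_t out_cap)
{
    uint8_t region[64];
    memset(region, 'S', sizeof region);
    region[0] = 1; region[1] = 0; region[2] = 40; region[3] = 'A';
    memset(region + 4, 0, HB_PADDING);
    return checked ? hb_echo_checked(region, 20, out, out_cap)
                   : hb_echo_unchecked(region, 20, out, out_cap);
}

int main(void)
{
    uint8_t out[64];
    printf("unchecked: %zu bytes\n", hb_demo(0, out, sizeof out));
    printf("checked: %zu bytes\n", hb_demo(1, out, sizeof out));
    return 0;
}
```

The two handlers differ by a pair of comparisons against the received record length, which is the kind of omission a hurried review reads straight past.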

OpenSSL is a vital project utilized by a large portion of the Internet, yet it’s run on donations and a shoestring budget. It’s completely maintained by volunteers who have to worry about their real jobs to pay bills, and it’s not their fault for skimming over stuff. The motivational factors are not there as they would be in a full-time position, where if something like this got missed, someone is getting fired. In an OSS project it’s, “Oh I don’t have to spend all my free time contributing to this thing, oh darn”.

The sad fact is that the people who do have the motivation most of the time are the ones who will profit from the mistake. Think the NSA or hackers looking for ways to steal information. How long have they been actively using this exploit over the last 2 years?

Heartbleed should be a call to arms for companies to contribute more to the major open source projects they utilize. A project of OpenSSL’s importance should have a full-time staff and should be well supported. I have always tried to contribute to projects I use. I rarely have the time to do anything more than give money, but that’s vital, because it gives motivation. Helping out a project with code, patches and reviews is nice, but major companies need to give money to these projects.

Resgrid will also start donating yearly to the open source projects we utilize, and we want to make it part of our culture of giving back to open source. Resgrid is a cloud service company providing logistics and management tools to first responder organizations like volunteer fire, career fire, EMS, search and rescue, public safety, disaster relief organizations, etc. It was founded in 2012 by myself and Jason Jarrett (staxmanade).

It’s small companies that should start leading the charge, even though we can’t give much we hopefully can start shaming the big companies into giving to OSS projects that help build their products and services.

Sign Your .Net Assemblies, Please!

I can’t tell you how many times I’ve referenced an Open Source .Net project and tried to compile, only to be greeted with the “Assembly Generation Failed” compiler error. Some of my absolute favorite projects, such as StructureMap, NUnit, CommandLine and more, never have a problem with this.

But more often than not with some “off the beaten path” OSS .Net projects…

I sign all my .Net projects with a Strong Name Key. First, it provides a ‘small’ amount of security to ensure that the assembly hasn’t been tampered with or corrupted. I say small because with about 10 minutes of work you can remove an SNK from a .Net assembly. But if you’re creating a library that you expect people to use, it should always be signed. Why? Because you cannot reference a non-signed assembly from a signed project, but you can do the reverse.

So by signing your assembly you make it more usable to those of us who sign our projects, and don’t impact anyone else, seems like a Win-Win to me.
