An interesting quote from a Google (ex Amazon) engineer on the relative importance of accessibility over security
https://plus.google.com/112678702228711889851/posts/eVeouesvaVX
“But I’ll argue that Accessibility is actually more important than Security because dialing Accessibility to zero means you have no product at all, whereas dialing Security to zero can still get you a reasonably successful product such as the Playstation Network.”
This week I am back at work after a week off and am trying “run commuting”. Well, to be accurate, I plan to get off the bus early and run about 6 miles home each night. I have tried this a few times before and found that having the right gear was important, so after some searching here is my run commute setup.
BackPack – Camelbak Octane 16 liters for clothes and gear and 100 oz hydration bladder. I anticipate getting a tablet soon and should be able to drop that in if needed.
Watch – Garmin 405CX complete with heart-rate band and foot pod.
Shorts – Zoot Ultra Run – Superb shorts. Weigh nothing, stretchy material and zip on the back for credit card / key.
Shirt – Various
Footwear – Vibram Five Fingers Bikila. I have tried Terra Plana Evo’s but my feet slipped so I now wear those during the day and run in the five fingers.
Rain Jacket – Helly Hansen. The one I have they don’t make any more but is similar to the Seattle but with thumb holes. It’s definitely worth getting a running specific raincoat as the shape is designed to not rise on your back.
All in all it should be very light, easy to stuff into the pack in the morning and comfortable for most conditions on the run each night. I know I need to be careful what I wear to work so I don’t have to lug back lots of clothes while running. I am shedding my wallet as I carry stacks of cards I rarely use and moving my loyalty cards into Key Ring App. I will carry a few charging cables for the watch, phone etc. and some Shure EC2 headphones (although I never listen to music while running).
I would love to hear about others run commute gear!
I was at the baseball on Saturday and had a crazy idea for a fun (and totally useless) geeky mobile app. I am not going to do anything about it but thought I would jot it down just in case. Feel free to use this idea for free as you see fit, as if anyone would…
Mexican waves in stadiums are pretty cool, like this one http://www.youtube.com/watch?v=H0K2dvB-7WY or this one http://www.youtube.com/watch?v=1pVpbaldgZ8&feature=related but they are basic circular patterns. They could be even better by using modern mobile phone technology. If you could get everyone attending a big event to install an app you could then use GPS co-ordinates to plot the crowd and give them very specific time-based directions to create complex patterns. One level of the stand could rotate a clock-wise wave while the other level rotates anti-clock-wise. Maybe converging and diverging patterns, right up to swirls and vortexes…the list goes on. Totally useless but I bet would be amazing to see!
Note: This is a silly idea for frivolous fun but maybe there is advertising to be made to the thousands of people in a specific location. The richer the target the higher the advertising CPC / CPM.
Every few years I pop my head up and re-engage more actively with OWASP. This year I saw a bunch of chatter coming from the OWASP Summit about the need to be more developer centric and my interest was piqued again. I posted here and here. After a week of some healthy discussions it is time for me to slip back into the OWASP shadows again. I will be speaking at the AppSec USA conference in September (OWASP’s 10th birthday). More on that in due course.
OWASP holds a special place in my heart but I am not convinced that the new momentum around ‘developers’ that I had hoped was going to emerge is actually fundamentally different from what is being done today. Why slip into the shadows and not try and influence it to be what you want it to be? If I have learnt anything about community it’s that the majority drives a good community and if you want to influence the majority who aren’t aligned to your way of thinking you have to invest a lot of time and energy to do it. I just don’t have that time or energy for the topic right now. People often say “I hope you prove me wrong” but don’t really mean it. I do. I really do hope that @JonWillander and crew prove me wrong and get a thriving developer community engaged but it seems to me that there is still a very strong prevention (or discovery) of vulnerability centric approach as opposed to being focused on security as an enabler (the builder metaphor). It’s valuable stuff but simply not where my personal interests are or what I believe is needed and so it’s time to slip back into the OWASP software security shadows for me for a while longer. I am sure I will surface again in the future.
Now that said, what I did discover over beer and email is that there are a LOT of people passionate about OWASP but who also think that things could be a lot better with some changes to the way the community works. I agree. For instance @sourcecodesec told me that he would like a democratic way to run a local chapter meeting. He wants to be able to propose a meeting, have active local community members vote on what presentations are given and have attendees get to vote on presentations / presenters. This would effectively democratize the chapter meetings process and avoid any local chapter leader having too much control over what happens at chapter meetings. You would effectively get a facilitator / organizer and the local community democratically making decisions. I have thought quite a lot about this and I think as well as democratizing the chapter management process a rewards system can actually ensure the good facilitators / organizers are recognized and rewarded. Chapter management is a problem I have heard a number of times in a number of locations so I am convinced this isn’t isolated and I am convinced that an innovative social software solution could benefit all chapters and the project as a whole. I have also heard about other challenges like OWASP members who would like to submit and read tools reports and even security reviews but do so anonymously. This is also an interesting problem. How do you share data that you can trust without revealing identities and source? I have some ideas on this as well.
I am partnering with Marius Grigoriu on a side-project we are now calling Software for Humans which is setting out to build an online community for people interested in online community and explore exactly these kinds of community & social challenges across the spectrum of online communities. We plan to push the boundary on building social software and using the community to drive feedback and direction to see if our collective ideas might work in code as well as on paper. We plan to go live with our site later this week (hopefully Thursday). Our software won’t be open source but is built on Ruby on Rails and integrated with many social platforms like Twitter and Facebook. It seems to me building better community software is the most valuable contribution I can possibly make to OWASP while also fueling my passion for building social software. Cool eh?
I have started drafting a “Guide to Building Online Communities” (provisional title) using a wiki. The work will be published for free under a Creative Commons license as part of a community I plan to launch in a few weeks. This initial draft is really to provide something for the community to “hack on”.
If you have experience in creating, participating or running online communities and have some words of wisdom to share then please get in touch (blog comments or email).
The provisional Table of Contents can be found here.
- Mark Curphey