A network of sites, tools, and technology to bring ideas into reality.

The Digital Tumbleweed

Thoughts and ramblings of an enthusiast

The Myth of the Expert

Second semester of my junior year in high-school had started and I was fairly eager to return to classes and not do the homework that was assigned to me. My last class of the day was a math course, pre-calculus if I remember correctly. I sat next to my friends and we began talking when the teacher walked in and wrote this on the board, “mean what you say and say what you mean”. He then turned to the class, told us to take out a piece of paper and write about what this meant. I looked up and began questioning his sanity… What in the world did this have to do with math?!?

He told us that we would need to be able to express, clearly, the ideas and concepts that we had to in our lives, and that understanding the meaning behind that phrase would help us to better ourselves. However, he would help us to understand this through math. The remainder of the course turned out to be great and we didn’t talk much about this, but I would always attempt to tie what we learned back into it.


It struck a chord with me. Now, I can thank him for presenting the question. I’ve had to deal with a handful of very sticky situations that require the truth and brevity.

With this in mind, how does one manage being truthful and concise while doing something such as marketing or advertising? Both of these professions tend to lead to the twisting of words such that new and hidden meaning is applied. So, how can, in good conscience, people do these professions if they follow the rule of “mean what you say and say what you mean”?

Ultimately everything comes down to marketing and advertising does it not? If I have a task that I need done, I have to market the task to the person(s) doing it such that they feel an important role in the success of the task. If I have to mow the lawn, I can sell the idea to the neighborhood kid such that they can make a quick buck. But, how do I go about doing this? It’s easy enough to say, “Hey kid, you want to make a couple bucks”. However, I’ll likely have to make a second pass at some point because it has a higher chance of being done poorly.

If I now turn that into something like, “I’m looking for an expert grass cutter. Are you that someone”. The kid can take some pride in what s/he is now doing. Plus, they will make a buck and likely make more for doing a great job. But, does this really make them an expert landscaper? No. In fact, it would be absurd to say such a thing.

This being the case, I’m beginning to wonder why in the world we have so many “experts” in any field. Surely Einstein was an expert in his field, but what about the rest of us that are in the back 95% of the bell curve? Can we truly call ourselves experts? The obvious answer is no.

I remember when I graduated from college fully believing that I was a programmer extraordinaire. Man, I was good…I’m tellin’ you. In fact, I was one of those 5% in the world. Once I got into the “real world”, I realized that I’m probably at about 50%…and that is likely pushing it. But, I am expected to market myself in such a way that I portray an expert. I’ve always been confused by this.

Don’t get me wrong, I love coding. I love diving into a problem and coming out on top. But, that sure does not prove me to be an expert. I’m not sure whether it is a fad that people have attached themselves to or whether it is just something that H.R. people eat up, but it seems to happen far too often. As a hint, when interviewing, don’t tell me you are an expert unless you are ready to prove it.

Be honest and upfront with what you know how to do, and be modest with what you do not. The vast majority of us are not experts by any stretch of the imagination and while you may fool someone into hiring you, there is a high likelihood that you’ll be asked to do something out of your ability. Modesty would have served you well in that case.

In addition to people needing to understand that overstating their abilities is taboo, people making judgment calls need to stop jaw-dropping over the ultimate. There are very few around and you are unlikely to see that resume. Provide a more granular view of the information they are providing to you so that you can assess the true validity of said “expert”.

What are your thoughts? Are experts overrated? Is there a myth? Am I just part of the inept 5% way to the left of the bell curve? Throw it at me. I’m curious to know what you think.

Updated Site

I decided it was time to get with it and upgrade my blog software. I’d been on a very old version of WordPress since this blog’s inception. In the spirit of security and such I decided it was as good a time as any to upgrade my stuff. That being said, let me know if you find anything that is borked.

Enjoy.

The Internet: How to Protect Your Privacy

In light of my last post, Well Done America: Privacy Owned, I wanted to provide some information about how to protect yourself. Now, there are a few things to note about everything that I’m going to say here. This protection only goes as far as you do; if you leave something open, well…good luck to you. It’s like what Thomas Edison said, “I found 2000 ways not to make a light bulb”; he only needed one. All security is about the weakest link, right? So long as I can find one way in, I’m in.

Also, any method of encryption I mention here can be cracked by the NSA. There are some brilliant minds working there, but in the spirit of being “big brother”, they put restrictions on the level of encryption that is _legally_ allowed. Thus, if you want to use something outside of the encryption algorithms that the NSA knows…happy hunting. :) Ok, let’s get into it, shall we?

Websites

When you visit a website you have a few ways of seeing the information. By this I mean there are a few protocols that your web browser understands. The two prominent ones are “HTTP” and “HTTPS”. HTTP is a protocol that pushes content around the internet. HTTPS, also known as HTTP with SSL, is purely an extension of that but it is _encrypted_. Using Public Key cryptography, when you visit a site the whole session is encrypted. This is very powerful and very useful. What happens here is when you go to the website you are sent a public key from the website. This public key allows you to see the contents of the webpage by decrypting the unreadable content. The website encrypts the content before sending using a private key, such that when it passes the data along to you it appears to be gibberish. The private and public keys are linked together, meaning no other public key can work to decrypt the contents of the site that the private key encrypted. It’s a nifty technology that we’ll talk more about later.

Imagine this scenario: You want a different perspective on the “War on Terror”. You decide to hit up some Google for “Hezbollah” and then for “Jihad”. It is likely that a number of these sites will be offshore (assuming you are in the US) and so your traffic will be under the watchful eye. So, in an effort to protect what you are viewing you can try to go to sites that only support HTTPS. Meaning if you type “https://” in front of the domain rather than typing “http://” you’ll know whether it is supported. If it is supported you can access the site only through that protocol and are therefore better protected from people snooping into your traffic.

Email

There are numerous times when I hear someone say to me that they sent their phone number or credit card number in an email. When I hear this I cringe, and I’m sure at that point they understand that something is wrong and that it isn’t lunch. One of the things that most people don’t realize or understand is that email is transferred in plain text. Meaning, when I send “Hey, how was your day?” over email, anybody that is between my computer and where it’s headed to can see that communication. It’s a very similar problem to the website problem, just a different originating source. So, again we come to private and public key encryption.

Because the email protocols do not care what format your email is in, they will pass bits along to wherever you ask. Thus, you can encrypt the body of your message such that nobody is the wiser and you now have secure communication. This means that I now cannot sniff your credit card information out of the tubes and even if I were able to I wouldn’t know because it would look something similar to “$#Svdfg345$%#&*@Ded,mlpo(lo”. Catch my drift?

So, this being so great and all you need to figure out how to implement it. Because the purpose of this post is not to be a tutorial I’ll post some links.

This all being said, STOP EMAILING CREDIT CARD NUMBERS AROUND!

Personal

There are a number of times when you will want to have files on your system encrypted. Say your real brother wants to take a quick glance at your journal, diary, whatever and spill all your secrets? What can you do? Well, since I’m the oldest in my family, and the brother…not much, my sister never stood a chance. But, with this information she may have.

Truecrypt is a tool that allows you to make a volume on your system that is entirely encrypted. That means you can essentially create a folder for all of your word documents, saved emails, and so forth. You can encrypt that folder. Then, when your arch nemesis tries to see what lowly secrets you behold, they will be stumped…Think Ben Stiller in Zoolander.

Lifehacker has a good article about the latest iteration of Truecrypt. I recommend this software to anyone. In fact, I use this software with clients because I trust it more than anything else. You basically tell it how large you want your volume to be and then which level of encryption you would like and it’s done. It’s impressive and powerful.

Anonymity

This one is somewhat stretched. The reason I say that is because nobody is ever fully anonymous on the internet. But, in trying to keep with the theme, I’m just providing you with some information. The Tor Project is a project focused purely on internet anonymity. I’ve actually used this tool to access sites that have been blocked from me before and so forth. It’s a great tool and provides a nice level of anonymous browsing.

Tor works like this: you request a website, that request is forwarded to n number of machines. The last machine in that chain makes the actual request to the site you are visiting. The data from that request is then sent back to you. By the way, when I say request I am talking about when you type in “http://google.com” and press enter or click the “go” button in your browser. You are, at that point, making a request for a web page.
Now, this gets a bit hairy when you talk about Web 2.0 interaction based sites and AJAX based sites. The reason is that one request may go through the chain A->B->C->D and the next request may go through B->C->A->E. This means that your session information which was associated with machine D is lost and that you need to open a new session with E.

The next problem that I can think of deals with public and private keys. You don’t ever want to use this tool if you are trying to manage secure information. Think about how these things work. If I send a public key to you so that you can decrypt my information but I did so through 5 other servers, if one of those servers is bad, you have just given it access to a key that can decrypt your message. Websites using HTTPS aren’t good to use here. For instance, assume you are viewing your banking information, every machine has the public key you used to decrypt that information. That means that they can decrypt that information.
It is cumbersome and has some risks associated, but if you are only trying to get some non-secure information and not send any data, it’s a nice tool for anonymous browsing. It lets you get past some of those work based restrictions to Myspace and Facebook! ;D

Well Done America: Privacy Owned.

Normally I try to stay away from the politics and such. I don’t have much interest in dealing with people who understand very little about technology. In fact, I have very little patience for those who make decisions related to how I use my technology when they understand nothing about it. Today I read a post at Tech Crunch about an amendment to the FISA Act of 1978 that Barack Obama voted for today.

Now, I understand that bills will contain more information than just a specific topic but as Dan Kimerling points out:

Given that each day tens of millions of people have their data go across the networks of some of the larger telcos, the risk that these companies faced by working with the government on extra-judicial wiretaps was extreme. In giving companies that work with the government immunity from these penalties, H.R. 6304, and Barack Obama who voted for it, just took away the only reason stopping AT&T, Verizon, and others from helping the government use extra-judicial wiretaps.

This is a huge problem. How does allowing wiretapping and surveillance of my information help anyone? How is this really in the interest of the general public? I do often wonder what goes through these politicians’ minds when they are voting on some of these topics. Is it purely about votes? Do they genuinely feel that something as heinous as wiretapping is “good for us”?

Not only does this give the telcos free rein on our data, but it protects them from anything in the past! Also, this has given the government more insight into our data. This paranoia has gone too far and on for too long. We as a people need to stand up for what is right. We need to do more than just “believe” or “hope” that things will be O.K. and that our “leaders” will do right by us. We can’t wait for them to make more decisions such as the one Obama and many others did today. Is this the “red scare” all over again? Has it come to that?

Because of this I’ve decided to do some searching around. I realize that I am a bit out of the political loop and so I need to really do some research, but I can’t seem to find anything that would support such a thing. For instance, I saw a video clip over at The Bivouac showing a number of points from the CSPAN report.

What I fail to understand here is that the points made in support of this amendment seem to be things like “fear mongering” and “rhetoric”. How can this sway the judgment of the majority? There has to be something that I am missing here. Can someone clue me into what would make this many people support such bull?

So, as part of my travels across cyber-space I found the text of the amendment. In reading part of this amendment I found a bunch of it appalling. It is to the point where I feel I _have_ to be reading it wrong. For example, how else am I supposed to interpret the following passage:

Now, our proponents will argue that the plaintiffs in the lawsuits against the companies can participate in briefing to the court, and this is true. But they are not allowed any access to any classified information. Talk about fighting with both hands tied behind your back. The administration has restricted information about this illegal wiretapping program so much that roughly 70 Members of this Chamber don’t even have access to the basic facts about what happened. Do you believe that? So let’s not pretend that the plaintiffs will be able to participate in any meaningful way in these proceedings in which Congress has made sure their claims will be dismissed.

The way I read it is that we have people making a decision on the issue when they don’t even have access to the information. Am I wrong? I can’t believe that 70 people don’t even have a classification high enough to see the material being discussed! How can decisions be made this way? Maybe it is my ignorance in the ways of big brother, but can we honestly have a system that supports this kind of behavior? We have to hold our government accountable for their actions. This provides a “get out of jail free card” to those that feel like I could somehow be a terrorist. Hell, I wouldn’t be surprised if after writing this I’m thrown on the list.

So, I guess I will end with this. If I am missing something please inform my ignorant self because this just seems too far fetched. Yet everything I find seems to support the conclusions I’ve come to in this post. Why do away with our freedom? Why remove our privacy? As the amendment text says:

“This framework, which has been in place for 30 years, protects companies that comply with legitimate Government requests while also protecting the privacy of Americans’ communications from illegitimate snooping.”

We have a responsibility to protect our freedom. If the government seeks to take that away then something should be done. We live in one of the greatest nations because many of our laws protect the citizens. Let’s keep it that way.

For those interested, here is a list of articles I found while researching this topic:

* UPDATE *

There appears to be a decent amount of traffic related to this topic on these here tubes which is good. This issue shouldn’t be taken lightly. I’ve seen a bit more information and so I thought I’d share the links with you all.

Hire the Meta Thinker

In the past few months I’ve seen suggestions such as fire the workaholics all the way to fire the underachievers. Then you’ll see suggestions about how to hire and what to hire. What I don’t understand is that everyone is looking for specific traits, “has xx years working with J2EE, has handled a project from start to finish, has led a team of 5+ people, has a 4 year CS degree”. What is the point? None of the above is going to really help when it comes down to producing something good. I say skip the crap and focus on thoughts and thought process. Hire the meta thinker.

I find that the quality produced from meta thinkers is far superior to the contrary. The reason I say this is because the person writing the code cares about asking what and why. Simply asking “What is this method supposed to accomplish?” and “Why am I writing this method?” starts the thought process into what will inevitably be a much more powerful set of tools.

Not only will those tools, functions, libraries, etc. be more powerful, they will be reusable. The reason I say this is because a meta thinker will think about the practicality of the functions or libraries. Meta thinkers aren’t concerned with the number of lines being produced, in fact, it tends to be the reverse. A meta thinker strives to drive the number of lines required down to the optimal level. The optimal level being the most efficient level. This ties into the “what”; the reason I am writing this function is because it allows me to create an object within the database. A meta thinker asks, how can I make this universal. How can I make this work outside of my specific scenario.

The other reason a meta thinker will produce better code is because of the “why”. A meta thinker understands that not everything requires separation, but attempts to see whether it makes sense to do so. To develop great software you will want some people who ask “why am I writing this?” One thing that will come out of that question is the finding of libraries or other tools. Also, you’ll find that the task at hand may be too complex for the purpose and realize an architectural fault in the system…Why am I really required to write ASM for this web app? Is the speed increase necessary? Maybe it’s time for a new framework. A meta thinker will find flaws less obvious than this one.

Beyond this, a meta thinker is someone you want around because you can bounce ideas off of them. A meta thinker will be able to help you flesh out ideas. These people will be able to expose issues or bless your concept. You are nearly always guaranteed to have a good idea of the more difficult parts of the operation once you’ve talked with these people.

Another reason you want to hire meta thinkers is because they are interesting to talk with. Not only do you build your level of understanding, you start to think differently. You learn and adapt your thought patterns similarly such that you’ll find yourself asking why a lot more. You’ll find that, after a period of time, you are the meta thinker.

This process is enlightening. You find that you try to solve a problem before solving the problem. Instead of diving into an issue you will think about it before and then attempt to solve the problem. This produces cleaner code and better performance, both in code efficiency and in the rate at which you write your code. By meta thinking, you find that you are solving the problem of how to solve problems. You are finding out how to write reusable methods by thinking about how to write methods. Your thoughts begin to change and your notion of just getting it done changes because you know that there is a better way.

Now think about it, would you rather work with someone that comes into the office and just does what is necessary for the day and then heads home, or would you rather work with someone that meta thinks about problems and comes up with a crazy solution to a problem? I prefer the latter, it is just more interesting to me but, bottom line, I would prefer to gain more value for my buck.

RantOn: “Term” 2.0

A few months ago a friend told me a story where some dude kept referencing “Social 2.0”. This AM I saw a link that said “Health 2.0”. What’s next? Mobile 2.0, Your Body 2.0, television 2.0, etc… Where does it end? The person who coined the term “Web 2.0” is a marketing genius. That term has taken off. Not only has it torn through the internet and social media outlets, but it has begun to reach places such as the health industry.

I understand that the term itself sounds great. “We’re going to revolutionize this industry, let’s tack a 2.0 on there! HURRAH!” The issue with this is the same response I had to the notion of YA2.0 (yet another 2.0). If you hadn’t guessed, my response was irritation to the point of writing this post.

In case anyone is wondering, the term is played. Adding the 2.0 to the end of a term really doesn’t mean that you have a new version or that the revolution has come. It is just marketing. You still have to make people believe in your cause or whatever you are doing. But, when you use the term plus 2.0 you are now playing with a term that is _very_ weighted. And, if you are talking about a term’s emergence or next steps in the technology realm or on the internet, then you are pretty much putting yourself at the bottom rung.

My recommendation is to hire a true marketing person and have them figure out a good term for you. If you are bent on doing it yourself, take a look at what Rohit Bhargava had to say in his talk: 10 Truths About Marketing to a Web 2.0 World.

And Your Password Is…N4z!.

Often I hear people complain about the complication involved with security measures. Also, when something happens such that information is leaked or a security breach happens I hear people complain about how there is not enough focus on security. Security is not meant to be user friendly. It is supposed to be a responsibility.

Today I read a post over at the Influential Marketing Blog about passwords called “Don’t be a Password Nazi”. And, at first when I read it I thought, “You know, he’s right…why do we make it so damn complicated on users.” I even got to the point where I started to comment on the post. I was a couple lines in and thought, “Wait a second…security should come first!” Thus, I’m going to list the points and retort.

“Let users choose an appropriate level of security. I understand that to access your online banking, you need to have a really secure password. The problem is that many sites take a one size fits all approach to passwords. Do we really need the same security to log in to read my subscription of the NY Times? Of course not. More sites need to consider how secure their site really needs to be, and give users more flexibility to choose any kind of password instead of doing things like requiring capital letters, numbers or changes every 3 months.”

User information is generally _very_ telling about the passwords that s/he uses. Thus, if I manage to crack a password to someone’s Times account, I can find all sorts of information about them which is going to be generally useful in figuring out who they are. Beyond that, I get information such as email address, local address, phone number, and so forth. This kind of information is incredibly useful when doing social engineering. I can now call you up acting as someone from the Times or some other account that I think you may have access to and ask for passwords and other information. Most people would be skeptical at first, but the art of social engineering is the ability to convince that person that you mean no harm. And, I don’t need everyone’s information, I only need a couple people to “volunteer” this information. Thus letting users pick their level of security is a bad idea. Most people would pick weak and then throw in a password like “pickles”. Bad idea.

“Use password hints instead of just resetting. Many times, a user will know their password, they just need a hint in order to get it. For this reason, password hints can be very effective, because they are immediate and let a user get their password without submitting a form, waiting for an email, clicking a link and going through a long process to access your site.”

Normally I would say this is alright, most companies do it. However, most of the time these “hints” are ridiculous. Asking me something like “What is your mother’s maiden name?” is easy to crack. Most systems do not build in a “three strikes and you’re out” security feature. This means I can run a dictionary attack over the most common last names for people until I find a match. It’s easy, it’s effective, _and_ it can be distributed. That means that I can fire the attacks from multiple machines around the world. This makes it infinitely more complicated to track down and stop. Also, it means that I can perform the attack faster. It’s unfortunate, but it is one of those things that you need to be mindful of.
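The “three strikes” control described above, as an added example that is not code from the original post: a limiter that counts failed hint answers per account rather than per source address, replayed against constructed guesses that each arrive from a different machine. The class name, thresholds, sample account and addresses are assumptions made for the illustration.

```python
import hmac
from collections import defaultdict

MAX_FAILURES = 3        # "three strikes", as in the post
WINDOW_SECONDS = 900    # assumed value: how long a failure keeps counting
LOCK_SECONDS = 1800     # assumed value: lockout length after the third strike


class AttemptLimiter:
    """Counts failed hint answers per key and locks the key after MAX_FAILURES.

    key_by selects what is counted: "account" or "ip".
    """

    def __init__(self, answers, key_by="account"):
        # account -> expected answer (plaintext only to keep the example
        # short; store a salted hash in a real system)
        self.answers = answers
        self.key_by = key_by
        self.failures = defaultdict(list)   # key -> timestamps of failures
        self.locked_until = {}               # key -> time the lock expires
        self.evaluated = 0                   # guesses actually compared

    def attempt(self, account, source_ip, answer, now):
        key = account if self.key_by == "account" else source_ip
        if now < self.locked_until.get(key, 0):
            return "locked"                  # refused without comparing
        self.evaluated += 1
        expected = self.answers.get(account, "")
        if hmac.compare_digest(answer.lower().encode(),
                               expected.lower().encode()):
            self.failures.pop(key, None)
            return "ok"
        # Keep only failures inside the window, then add this one.
        recent = [t for t in self.failures[key] if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[key] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCK_SECONDS
            self.failures[key] = []
            return "locked"
        return "failed"


# Constructed sample: one guess per source address (TEST-NET-3 range),
# one second apart, all aimed at the same account.
SAMPLE_GUESSES = [
    ("203.0.113.%d" % i, name)
    for i, name in enumerate(
        ["smith", "johnson", "williams", "brown", "jones", "garcia"], start=1)
]


def replay(key_by):
    """Run the constructed guesses through a limiter keyed the given way."""
    limiter = AttemptLimiter({"alice": "Garcia"}, key_by=key_by)
    results = [limiter.attempt("alice", ip, guess, now=t)
               for t, (ip, guess) in enumerate(SAMPLE_GUESSES)]
    return results, limiter.evaluated


if __name__ == "__main__":
    for mode in ("ip", "account"):
        results, evaluated = replay(mode)
        print(mode, results, "answers compared:", evaluated)
```

Keyed on the source address, every guess is compared and the sixth one succeeds; keyed on the account, only three are compared before the lock. The cost is that the real owner is locked out for the same period.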

“Share your syntax rules. I have one type of password I use if a site requires me to use a capital letter. I have another if a site tells me I need to do that along with a number. Sometimes, if I knew the syntax rules that a particular site used, that would be enough of a prompt for me to “remember” my password and get into the site. The most frustrating thing as a user is to go through the whole process to reset your password only to realize that you had it correct all the time, you were just forgetting to capitalize a letter.”

While sharing may be caring, in this case it hinders. Sharing password syntax greatly reduces the number of possible choices a cracker is required to go through, making a system extremely insecure. I have an example; there is some math involved but for my own sake I’ve tried to keep it simple. :)

Think of it this way: if I have a password that is only one letter long and it can be alpha-numeric with the special characters along the top of the number row on a keyboard, how many possible passwords can I have? 26 letters doubled for capitalization, 10 digits, and 10 special characters. That is a total combination of 72 possible passwords I can have.

Now, let’s assume that I have a password that is two characters long with the same password constraints. That would be 72 squared equaling 5184 choices. Let’s assume that we tell our users that they are required to use a special character (the row along the top of the numbers for our example). I’ve now taken the set of possibilities down a huge peg. I’ve now said that the password is only a set of 72 * 10 which is 720 possible choices.

You can see that having to cycle through a fraction of the set of possible passwords is considerably easier than the whole thing. Thus, sharing syntax rules probably isn’t a great approach. Obviously if you don’t match the syntax rules then a system will yell at you about it. But, stating the rules would purely be a courtesy to the cracker and nothing more.
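An added example, not part of the original post, that counts the passwords satisfying a published composition rule exactly, by inclusion-exclusion, for any length and any set of required classes. It goes beyond the two-character case: a required special character is counted in either position, which gives 1340 candidates where the 72 * 10 figure fixes it in one position. The function names are assumptions made for the illustration.

```python
from itertools import combinations, product
from math import log2

# Character classes from the post's example; only the sizes matter here.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 10}


def total_keyspace(length, classes=CLASSES):
    """All strings of the given length over the full 72-symbol alphabet."""
    return sum(classes.values()) ** length


def constrained_keyspace(length, required, classes=CLASSES):
    """Strings that contain at least one symbol from every required class.

    Inclusion-exclusion: for each subset S of the required classes, count
    the strings that avoid every class in S, alternating the sign by |S|.
    """
    alphabet = sum(classes.values())
    count = 0
    for k in range(len(required) + 1):
        for excluded in combinations(required, k):
            remaining = alphabet - sum(classes[c] for c in excluded)
            count += (-1) ** k * remaining ** length
    return count


def brute_force_count(length, required, classes=CLASSES):
    """Cross-check by enumerating class patterns; short lengths only."""
    total = 0
    for pattern in product(list(classes), repeat=length):
        if all(r in pattern for r in required):
            n = 1
            for c in pattern:
                n *= classes[c]
            total += n
    return total


def bits_lost(length, required, classes=CLASSES):
    """Search-space reduction, in bits, once the rule is known."""
    return (log2(total_keyspace(length, classes))
            - log2(constrained_keyspace(length, required, classes)))


if __name__ == "__main__":
    for length in (2, 8, 12):
        for required in (["special"], ["upper", "digit", "special"]):
            allowed = constrained_keyspace(length, required)
            if allowed == 0:
                print(length, required, "no password can satisfy the rule")
                continue
            print(length, required, allowed,
                  "bits lost: %.2f" % bits_lost(length, required))
```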

“Think outside the “password.” One thing that I have always loved about Priceline is after entering my email address on the site, it never asks me for my password. Instead, based on the email, the site asks my response to a personal question that I set when I first registered. As a result, I have never forgotten or had to look up my password for the site. It also makes me FAR more likely to visit that site first and return over and over - because they make it easy for me to login.”

Ease of logging in should never be a determining factor in whether someone decides to use a site or not. In fact, the easier it is, the less likely I am to use it. I find myself being very critical of sites that are too easy to login to. With the advent of social networking sites wrangling data from other sites using your account information, wouldn’t you like it better if you knew your information was secured?

I really have a hard time with insecure behavior and arguments because I know that we should all be looking for something better. Why is it that security only takes a back seat until something goes wrong? Why is it that backing up data takes a back seat until something goes wrong? Why not spend the time to do something right instead of taking the easy way out? I am guilty of thinking all the same things posted above, but we need to change the way we think about these issues. We need to spend time and money on data backups and security. It does cost money and time to do both, but when we don’t we set ourselves up for failure.

If we look again at the social networking sites, think about the plethora of information that is available. If I am connected to 200 people and someone nabs my password, they now have access to those 200 people and their information.

This is the way I look at it. Being a user and developer of systems, I want to build something that I may actually use. I want to feel secure with the tools that I’m using, there is a reason I am using the tool. I feel a great deal more loyalty towards a company/brand if I know that they put the chips in when it counted and didn’t take shortcuts so that it was easier on me. I prefer that my house be stable and be forced to walk up stairs rather than put an elevator in which could cause the house to collapse at any point. Lock down my passwords like Fort Knox for all I care. Shouldn’t this be what we all want?

** UPDATE **

I realized this morning that all I did was shoot down the ideas mentioned above without providing any sort of solution. So, there are a couple of things here. First, private/public keys are great for this sort of thing. You can authenticate that you are who you say you are with matching keys. Sites that built in a system for this would be far better off. Then someone only needs to dump the public key into the site.

Along with this, we should be using “https” more often. This allows encrypted page viewing such that a person can’t sit between you and your website and watch your data. Think of the issues with wireless communication here. We were all concerned that people were going to see information on our wireless network. Agreeing that would be bad pushed steps toward encrypting wireless data and now we have WEP and WPA among others.

Lastly, I would say that using OpenID is the best way to go. If you can’t remember information, then you store your password once, remember one password, and use one password. But, I do not think this should be taken lightly. A single password is a single point of entry for any site you visit. Not only that but other services can be registered in your name. However, used with the other two suggestions I’ve made and you have a fairly well locked down authentication system that could lend itself to being the most user friendly approach while not skimping on security.

A Day in the Life of an Open Source Project

Open source projects can be a challenge to manage. Why? Imagine this: you have a product you hold near and dear to your heart. You’ve poured blood, sweat, and tears into this thing and you have finally hit something you think is worthy. You ship it out to the world and say, “Here is my code: feed, digest, and enjoy.” Two hours later you are bombarded with 40 emails telling you how horrible an idea using algorithm X, Y, Z was and how you should see that obviously W, X, Y is the preferred method. Then you see others that make note of your lacking skills in coding and that you should quit your day job. Next you see about 5 patches that need to be reviewed to fix bugs in your system. And lastly, you have requests to help enhance your product. This makes you want to pull your hair out, assuming you have any left at this point.
The picture I’ve tried to paint (I’m not an artist, so forgive me) is not a very shiny or happy one. In fact, that is one of the things that turns people off from open sourcing products. Sure there are other reasons, but managing open source projects is very hard work. So, how do you make it easier? You should note that the community is not going to let up at all on the product providers. Everyone has an opinion and thinks it needs to be heard/read. So, without getting into the whys or the benefits of open source, let’s discuss how.

What things can be done to better control the flow of an open source project?

  1. Patch Management- Bug fixes are going to come in, but to control those you could set up a bug management system. There are a number of bug management tools available; you just need to find them and use one. This will allow you to continue working on the things you need so that you can schedule 30 minutes at the end of a day or every other day to review any patches that came in and either include them or send them back. Not only will a bug system allow you to manage patches, it will provide a clear roadmap for your users and other developers. Thus, people won’t step on each other’s toes. Two bug management systems that come to mind are Jira and Trac. Atlassian has a deal for open source projects as well, so take a look.
  2. Enhancement Management- Branches. Branches. Branches. I’m not talking about the crap-tastic ones that SVN provides. I’m talking about real branches; DVCS branches. Go out and experiment a bit with Git, Bazaar-NG, and Mercurial. See which one tickles your fancy and pick it. You will have a far better time running your project with one of those rather than the alternative. And, if you don’t want to deal with hosting one of those you can use services such as Launchpad. Having one of these allows you to create a branch that only the enhancers can push changes into. This effectively keeps the sources separate. But, when time comes to review the enhancements and push them back into the main branch, you can do this with a decent amount of ease.
  3. Peer Review- You will never be able to break the flood of “you suck” commentary. However, you may be able to channel this behavior into positive, constructive criticism. Peer code reviews are great methods to keep you on your toes and make sure that you are always learning. My thoughts are that there is always someone more intelligent than you are out there. So listen. :) You can use some tools that provide a great way for people to write back on the code you are producing such that the comments go from “Why in the world would you use X?” to “Algorithm X is inefficient here because you loop over the data set twice. Use Y instead.” The commentary will become productive and useful. Tools do exist to aid in review; take a look at Crucible.
  4. Ease of Contribution- Remember open source is about the community. You can’t half ass this. People have to be able to contribute in one way or another. And, they will know if you are just giving them the run-around. Therefore you need to allow for people to easily contribute. Many times people will be able to squeak 30 minutes in here or 2 hours there. And, if they have decided to spend that time on your project, you should be grateful. They could be doing something else. Thus, if you make it easy for them to help you, you’re likely to see better results from your open source-ness.

If you keep these tools in your toolbox for helping you to run an open source project then you are more likely to succeed with your project. Keeping the right attitude will also help. Be sure to take all criticism as good criticism. It can be hard since your code is generally close to your heart, but nobody is perfect and having a good attitude towards criticism will always be a benefit to yourself, whether in an open source project or not.

What approaches do you take when working on open source projects? How do you contribute? What are the steps you use to push your project to success?

Web Site Greetings and Localization

As I tackled a couple of tasks for a project I’m working on I had a few thoughts, yes… contrary to popular belief it does happen! How do people perceive greeting messages? Do people require them? Do they expect the message to stay the same? Do they expect that it will be localized appropriately?

See, what I have been thinking is that I personally prefer a blend of locales. Meaning, in one instance I wouldn’t mind seeing a French version of Hello or Welcome while on my next visit I see it in English, and then another in Spanish. I’m not sure whether that is just me or not. So I’m asking you what you feel about this.

Or, am I just overthinking the whole greeting in that it doesn’t really matter? You see it once and then move straight to content?

What are your thoughts?

Diablo III Officially Announced

Yesterday a friend of mine and I had a conversation that went something like this:

Him: “Have you checked out the Blizzard site today?”
Me: “No, why some SC2 stuff?”
Him: “Hah, just check it out.”

And in that moment, I flashed back to that time when I was playing the first Diablo; the hours… the gear… the memories. I loved this game series.
Diablo, Diablo II, and the DII: Expansion were great games. For whatever reason I used to play them all the time. In fact, my freshman year in college I played the DII: Expac through classes. I was fully into it.

Now, Blizzard has announced the new game, Diablo III. I am again, already into it. The trailer made me want to pull out the old games and install ’em on my new machine (in fact I’m still a bit undecided as to whether I will or won’t). And, the gameplay looks orders of magnitude better than it used to be. The classes look more powerful and Blizzard seems to have really put some focus on the UI as well.

What I’m curious about though, is if we will have the ability to mod the UI just as we can with WoW. I’m sure Blizzard wants to keep it known that these are two separate game series and as such they don’t want the two to collide in terms of look and feel. But, UI enhancement is an element that adds to gameplay.

Anyway, there it is. Check out the HD trailer… it will give you goosebumps. :)