Thanks for all the Fish

I’ve always loved that book or in fact any of Douglas Adams books as they made me laugh while reading for the first time. And like the ending of that series it always seemed a good way to start a ending. This is only the 3rd real job I’ve ever had and they’ve all ended with that as the subject line, so by now you all know where this is going.

The last 3 years 9 months and 21 days have been the best of my adult working life. Mozilla has been more than a job, more than a career. It was a home. The opportunity to apply ones talent in conjunction with values and mission is a gift. It’s a dream state, even on bad days, that I gladly would have remained a slumberer in. The Community of Mozilla is a powerful and wonderful uniqueness that embodies the core of what it means to be Open, and if we ever lose that we’ve lost a precious gem.

I hope to work with many of you again at some future time. If we cross paths somewhere I’d happily lift a libation in remembrance.

With that I shall end with one of my favorite bits of poetry:

Two roads diverged in a yellow wood,
And sorry I could not travel both
And be one traveler, long I stood
And looked down one as far as I could
To where it bent in the undergrowth;

Then took the other, as just as fair,
And having perhaps the better claim
Because it was grassy and wanted wear,
Though as for that the passing there
Had worn them really about the same,

And both that morning equally lay
In leaves no step had trodden black.
Oh, I kept the first for another day!
Yet knowing how way leads on to way
I doubted if I should ever come back.

I shall be telling this with a sigh
Somewhere ages and ages hence:
Two roads diverged in a wood, and I,
I took the one less traveled by,
And that has made all the difference.

 

/Curtis

Posted in Misc, Mozilla

Curtis Report 2014-10-17

This week was a real grab bag of stuff starting and stopping and interruption that kept me all over the place.

I’m particularly happy to see the python learning group starting the week of 2014010-20 and I feel like the work for my local Mozillians and KitHerder is getting closer to done. I spent all day Fri working out install issues with KitHerder with the developer (thanks WiredCrow for all the help).

  • local Mozillians working
  • Announced Python learning group
  • Working on more details and bits for next weeks launch
  • SecChamps Report
  • vendor review
  • SeaSponge video feedback
  • EME research
  • EME PTR setup
  • KitHerder wrangling / install

Meetings

Mon

  • Weekly meeting

Tue

  • SecAutomation
  • Cloud Security Team Meeting

Wed

  • MWoS team meeting
  • Web Bug Triage

Thu

  • Sec Open Mic
  • Community Building Team
  • 1:1
Posted in Misc, Mozilla, Uncategorized

Curtis Report 2014-10-10

The great majority of my week was spent trying to get a VirtualBox instance of Ubuntu running with Mozillians and KitHerder so I can write so user docs and what not for using KitHerder in a new Mentorship Process. It turned out to not be so simple and in fact I did not get it really working until 2014-10-13, I am considering writing a more detailed blog post so others can have an easier time as the current docs seem to be missing a few steps and tricks.

To that end much thanks to the very patient folks on #commtools for helping me out with all the errors and troubleshooting.

What I did this week

  • bugzilla sec release activities
  • Kitherder: prep work (install Mozillians)

Meetings Attended

Mon

  • 1:1
  • Mozilla Monday meeting
  • Web Bounty Triage

Tue

  • SecAutomation
  • Cloud Services Security Team
  • MoCo Meeting (recording)

Wed

  • MWoS team meeting

Thu

  • MWoS Monthly Update

Fri

  • PTO
Posted in Uncategorized

Curtis Report 2014-10-03

I spent a good deal of this week doing RTB activities that are mostly non-noteable other than they have to get done. I likely should have taken a PTO day to recover from DerbyCon (lesson for next time) I jumped right back into things.

On Thu I attended the Louisville Metro InfoSec conference put on by the Kentuckiana chapter of the Information Systems Security Association (ISSA). This is a  yearly gathering of InfoSec professionals from Louisville, Southern Indiana, Lexington and Cincinatti, and a few from furhter out. This event also allows infosec students from local schools to attend for free and a large number of them did attend.

I spent most of the day promoting OWASP and Mozilla via a booth the organizers were kind enough to give for free. I was supposed to have help so I could attend some talks but my 2 other co-leaders had to leave town suddenly (will have to watch IronGeek recordings).

While I did not have any items to give away we did get lots of traffic at the booth, mostly due to my FirefoxOS device. While it is an older geeks phone I did have the latest nighly installed on it. The student attendees were most excited about it, some even taking pictures of different screens. They seemed quite interested in the developer tools in Firefox (WebIDE) along with the FirefoxOS simulator. this lead to natural conversations about getting involved, mentored bugs and mentorship projects at Mozilla.

The large topic of discussion with the more coporate types centered around our Cloud Services efforts. I fielded lots of questions about Sync (how they could do their own), Firefox Accounts, Location services and Marketplace. There is good deal of angst with the corporate types over the tension to use cloud for cost but concerns over data ownership, privacy and security of such services. They were quite pleased with our efforts and also liked that they could do hybrid cloud (public-private) mixes with Mozilla offerings.

What I did this week

  • [vendor redacted] ground work for internal pen testing
  • DerbyCon trip report
  • TRIBE Prep
  • Safari books for MWoS team

Meetings Attended

Mon

  • Mozilla Project Meeting

Tue

  • secautomation
  • Update on Firefox OS Release Cadence
  • Cloud Services Security Team Meeting

Wed

  • MWoS team meeting
  • Cloud Services All Hands

Fri

  • Security/Privay/Vendor Reviews Discussion w/ Marshall
  • last day virtual beer for coworker
Posted in Mozilla, Random

The Curtis Report 2014-09-26

So my last report failed to mention something important. There is a lot I do that is not on this report. This only covers note worthy items outside of run the business (RTB) activities. I do a good deal of bug handing, input, triage and routing to get things to the right people, remove bad/invalid or mis tagged items. Answer emails on projects and other items etc. Just general workstuff. Last week had lots of vendor stuff (as noted below) and while kind of RTB it’s usually not this heavy and we had 2 rush ones so I felt they worthy of note.

What I did this week

  • kit herder community stuff
  • [vendor redacted] communications
  • [vendor redacted] review followup
  • [vendor 2 redacted] rush review started
  • Tribe pre-planning for next month
  • [vender redacted] follow ups
  • triage security bugs
  • DerbyCon prep / registration
  • bitcoin vendor prep work
  • SeaSponge mentoring

Meetings Attended

Mon

  • impromptu [vendor redacted] review discussion
  • status meeting for [vendor redacted] security testing
  • Monday meeting

Tue

  • cloud services team (sort of)

Wed

  • impromptu [vendor redacted] standup
  • MWoS SeaSponge Weekly team meeting
  • Cloud Services Show & Tell
  • Mozillians Town Hall – Brand Initiatives (Mozilla + Firefox)
  • Web Bug Triage

Thu

  • security open mic

Fri-Sun

Non Work

  • deal with deer damage to car
Posted in Mozilla, Uncategorized

The Curtisk report: 2014-09-21

People wanna know what I do, so I am going to give this a shot, so each Monday I will make a post about the stuff I did in the previous week.

Idea shamlessly stolen from Eric Shepherd

What I did this week

  • MWoS: SeaSponge Project Proposal (Review)
  • Crusty Bugs data digging
  • Mozillians.org security review (move along)
  • Firefox OS Sec discussion
  • sec triage process massaging
  • Firefox OS Security coordination
  • Vendor site review
    • testing plan for vendor site testing
    • testing coordination with team and vendor
  • CBT Training survey
  • security scan of [redacted]

Meetings attended this week

Mon

  • Weekly Project Meeting
  • Web Bounty Triage

Tue

  • SecAutomation
  • Cloud Services Security Team

Wed

  • MWoS team Project meeting
  • Vendor testing call
  • Web Bug Triage

Thu

  • Security Open Mic
  • Grow Mozilla / Community Building
  • Computer Science Teachers Association (guest speaker)
Posted in Misc, Mozilla, Uncategorized

No Free Lunch

Over the last week or so there has been considerable discussion of the proposed plan to include some advertising in the first-run experience of Firefox for new users (Directory Tiles).  There is still considerable work and ideas to complete by others and in myself as a Program Manager for Security and Privacy.

We’ve accepted advertising in communication media for some time now. Both traditional radio and television are supported by advertising which we readily accept in exchange for content. This of course has been a passive model as without work said advertiser cannot gauge the audience.  This advertising for content model has largely extended to the web with some obvious modifications. The use of various technologies on the web has allowed advertisers to gain far more knowledge and to target advertising to a deemed a willing or desired audience. This tracking and data aggregation is also what gives most users concern over Internet advertising. We don’t really want advertisers knowing things about us that does not have an obvious benefit to us. I believe it’s safe to say that we accept advertising for content within certain confines. I also can’t imagine how much worse the Internet would be if everything  were behind a pay wall. The open, shared, connected, and hackable Internet would be far worse and much less usable. So, the fact is advertising pays for the Internet, or at the least a large part of it. Yes we can use add-ons and scripts to hide ads, and as users that is our choice. If everyone did that all the time I think we could agree the Internet that would result would be far worse for all. As an example see the message that shows up to visitors of Reddit when add blocking extensions are used (or at least used to). There is a trade-off here t0 be made and this is where I think Mozilla has a lot to offer.

Mozilla has what I would call an excellent track record of introducing disruptive technologies for the betterment of humanity. We started with the browser in a time when there was only one browser, a lot of people have forgotten that time. We’ve successfully proven that an open source, community driven project can change the web. We’ve  shown that the web authentication model can be done in a privacy protecting way, hence Persona. I’m quite surprised that people don’t think that we can improve Internet advertising in a way that benefits both parties, both parties being advertisers and users. We’re opening our eyes with add-ons like Lightbeam so users can make informed choices about what they want to share and with whom. There should be a motivation for both myself and the advertiser that is open and available for the sharing of information that leads to mutual benefit.  This is part of building the Internet that the world needs. One where privacy is at the forefront in all things.

Posted in Mozilla
Twitter
LinkedIn Profile
Follow

Get every new post delivered to your Inbox.